TheGreenBow IPSec VPN Client Local Stack Overflow Vulnerability Network Vulnerability

Summary

This host has TheGreenBow IPSec VPN Client installed and is prone to Stack Overflow vulnerability.

Impact

Successful exploitation allows the attacker to execute arbitrary code on the system or compromise a system. Impact Level:System/Application

Solution

Apply patch from below link, http://www.thegreenbow.com/download.php?id=1000150 ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

Insight

The flaw is due to a boundary error when processing certain sections of 'tgb' (policy) files. Passing an overly long string to 'OpenScriptAfterUp' will trigger the overflow.

Affected

TheGreenBow IPSec VPN Client version 4.65.003 and prior.

References

http://secunia.com/advisories/38262
http://www.senseofsecurity.com.au/advisories/SOS-10-001
http://xforce.iss.net/xforce/xfdb/55793

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0392
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)
ALZip MIM File Processing Buffer Overflow Vulnerability
Adobe Air Buffer Overflow Vulnerability (Mac OS X)
ChaSen Buffer Overflow Vulnerability (Linux)
A-V Tronics InetServ POP3 Denial Of Service Vulnerability

Take action and discover your vulnerabilities