FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tinc -- Buffer overflow

Affected packages
tinc < 1.0.35
tinc-devel < 1.1pre17

Details

VuXML ID: a4eb38ea-cc06-11e8-ada4-408d5cf35399
Discovery: 2018-10-08
Entry: 2018-10-09

tinc-vpn.org reports:

The authentication protocol allows an oracle attack that could potentially be exploited.

If a man-in-the-middle has intercepted the TCP connection it might be able to force plaintext UDP packets between two nodes for up to a PingInterval period.

References

CVE Name: CVE-2018-16737
CVE Name: CVE-2018-16738
CVE Name: CVE-2018-16758
URL: https://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=d3297fbd3b8c8c8a4661f5bbf89aca5cacba8b5a
URL: https://www.tinc-vpn.org/git/browse?p=tinc;a=commit;h=e97943b7cc9c851ae36f5a41e2b6102faa74193f