Arbitrary Command Execution in Openswan Client via Shell Metacharacters in cisco_banner Field

Arbitrary Command Execution in Openswan Client via Shell Metacharacters in cisco_banner Field

CVE-2010-3753 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.

Learn more about our Cis Benchmark Audit For Cisco.