Summary
Kevin Cernekee discovered that a malicious VPN gateway can send crafted responses which trigger stack-based buffer overflows.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 2.25-0.1+squeeze2.
We recommend that you upgrade your openconnect packages.
Insight
OpenConnect is an open client for the Cisco AnyConnect VPN.
Affected
openconnect on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-6128
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P