DSA-4312-1 tinc -- tincID: oval:org.secpod.oval:def:53434 | Date: (C)2019-03-26 (M)2023-12-20 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in tinc, a Virtual Private Network daemon. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-16738 Michael Yonli discovered a flaw in the implementation of the authentication protocol that could allow a remote attacker to establish an authenticated, one-way connection with another node. CVE-2018-16758 Michael Yonli discovered that a man-in-the-middle that has intercepted a TCP connection might be able to disable encryption of UDP packets sent by a node.