Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-16758

Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets.

Related bugs and status

CVE-2018-16758 (Candidate) is related to these bugs:

Bug #1797343: Unfixed security issues CVE-2018-16758, CVE-2018-16738

		In	Importance	Status
1797343	Unfixed security issues CVE-2018-16758, CVE-2018-16738	tinc (Ubuntu)	Undecided	Fix Released
1797343	Unfixed security issues CVE-2018-16758, CVE-2018-16738	tinc (Ubuntu Xenial)	Undecided	Confirmed
1797343	Unfixed security issues CVE-2018-16758, CVE-2018-16738	tinc (Ubuntu Bionic)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tinc-vpn.org/se...
CONFIRM: http://www.tinc-vpn.or...
DEBIAN: DSA-4312
MISC: https://www.starwindso...