{"api_version":"1","generated_at":"2026-04-23T05:57:45+00:00","cve":"CVE-2005-0162","urls":{"html":"https://cve.report/CVE-2005-0162","api":"https://cve.report/api/cve/CVE-2005-0162.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2005-0162","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2005-0162"},"summary":{"title":"CVE-2005-0162","description":"Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.","state":"PUBLISHED","assigner":"mitre","published_at":"2005-01-26 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.2","severity":"","vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.osvdb.org/13195","name":"http://www.osvdb.org/13195","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/14038","name":"http://secunia.com/advisories/14038","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Secunia - Advisories - Openswan XAUTH/PAM Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19078","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19078","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html","name":"http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora Core 3 Update: openswan-2.1.5-2.FC3.1","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1013014","name":"http://securitytracker.com/id?1013014","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Openswan Pluto get_internal_addresses() Remote Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openswan.org/support/vuln/IDEF0785/","name":"http://www.openswan.org/support/vuln/IDEF0785/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Openswan: IDEF0785 - Openswan XAUTH/PAM Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/12377","name":"http://www.securityfocus.com/bid/12377","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Xelerance Corporation Openswan XAUTH/PAM Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/14062","name":"http://secunia.com/advisories/14062","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Secunia - Advisories - Fedora update for openswan","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities","name":"http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Accenture | Let there be change","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2005-0162","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2005-0162","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2005","cve_id":"162","vulnerable":"1","versionEndIncluding":"1.0.9","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openswan","cpe5":"openswan","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2005","cve_id":"162","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xelerance","cpe5":"openswan","cpe6":"2.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T21:05:24.748Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"FEDORA-2005-082","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html"},{"name":"1013014","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1013014"},{"name":"12377","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/12377"},{"name":"20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities"},{"name":"openswan-xauth-pam-bo(19078)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19078"},{"name":"14062","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/14062"},{"name":"14038","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/14038"},{"name":"13195","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/13195"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.openswan.org/support/vuln/IDEF0785/"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2005-01-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"FEDORA-2005-082","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html"},{"name":"1013014","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1013014"},{"name":"12377","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/12377"},{"name":"20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities"},{"name":"openswan-xauth-pam-bo(19078)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19078"},{"name":"14062","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/14062"},{"name":"14038","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/14038"},{"name":"13195","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/13195"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.openswan.org/support/vuln/IDEF0785/"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2005-0162","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"FEDORA-2005-082","refsource":"FEDORA","url":"http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html"},{"name":"1013014","refsource":"SECTRACK","url":"http://securitytracker.com/id?1013014"},{"name":"12377","refsource":"BID","url":"http://www.securityfocus.com/bid/12377"},{"name":"20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability","refsource":"IDEFENSE","url":"http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities"},{"name":"openswan-xauth-pam-bo(19078)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/19078"},{"name":"14062","refsource":"SECUNIA","url":"http://secunia.com/advisories/14062"},{"name":"14038","refsource":"SECUNIA","url":"http://secunia.com/advisories/14038"},{"name":"13195","refsource":"OSVDB","url":"http://www.osvdb.org/13195"},{"name":"http://www.openswan.org/support/vuln/IDEF0785/","refsource":"CONFIRM","url":"http://www.openswan.org/support/vuln/IDEF0785/"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2005-0162","datePublished":"2005-01-29T05:00:00.000Z","dateReserved":"2005-01-27T00:00:00.000Z","dateUpdated":"2024-08-07T21:05:24.748Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2005-01-26 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openswan:openswan:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.9","matchCriteriaId":"E2411B8B-FE2A-4E99-A280-0FB39291E96F"},{"vulnerable":true,"criteria":"cpe:2.3:a:xelerance:openswan:2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"39C5F91B-EE8A-4A81-A21D-68A3F4295200"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2005","CveId":"162","Ordinal":"1","Title":"CVE-2005-0162","CVE":"CVE-2005-0162","Year":"2005"},"notes":[{"CveYear":"2005","CveId":"162","Ordinal":"1","NoteData":"Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.","Type":"Description","Title":"CVE-2005-0162"},{"CveYear":"2005","CveId":"162","Ordinal":"2","NoteData":"2005-01-29","Type":"Other","Title":"Published"},{"CveYear":"2005","CveId":"162","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}