Information Security


Multiple security vulnerabilities in OpenSwan / StrongSwan
Published: October 3, 2009
Source:
SecurityVulns ID: 10280
Type: remote
Severity: 6/10
Description: Multiple vulnerabilities in the IKE implementation.
Affected products: OPENSWAN : Openswan 2.4
 OPENSWAN : Openswan 2.6
 STRONGSWAN : Strongswan 4.2
 STRONGSWAN : Strongswan 2.8
 STRONGSWAN : Strongswan 4.3
CVE: CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.)
 CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.)
 CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.)
 CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.)
Original text: DEBIAN, [SECURITY] [DSA 1899-1] New strongswan packages fix denial of service (03.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod