Information Security


Security vulnerabilities in Openswan / Strongswan
updated since April 7, 2014
Published: May 7, 2014
Source:
SecurityVulns ID: 13670
Type: remote
Severity: 7/10
Description: Buffer overflow, DoS, protection bypass.
Affected products: OPENSWAN : Openswan 2.6
 STRONGSWAN : strongSwan 5.1
CVE: CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.)
 CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.)
 CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.)
 CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.)
Original text: DEBIAN, [SECURITY] [DSA 2922-1] strongswan security update (07.05.2014)
 DEBIAN, [SECURITY] [DSA 2903-1] strongswan security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2893-1] openswan security update (07.04.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod