This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summary | |
|---|---|
| CPE Name | cpe:/a:openswan:openswan |

| Detail | | | |
|---|---|---|---|
| Vendor | Openswan | First view | 2004-12-06 |
| Product | Openswan | Last view | 2011-11-17 |
| Version | | Type | Application |
| Edition | | | |
| Language | | | |
| Update | | | |
Activity : Yearly
COMMON PLATFORM ENUMERATION : Distribution per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:/a:openswan:openswan:2.6.36 | 1 |
| cpe:/a:openswan:openswan:2.6.35 | 2 |
| cpe:/a:openswan:openswan:2.6.34 | 2 |
| cpe:/a:openswan:openswan:2.6.33 | 2 |
| cpe:/a:openswan:openswan:2.6.32 | 2 |
Related : CVE
| CVSS | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 4 | 2011-11-17 | CVE-2011-4073 | Network | Low | Requires ... |
| 5 | 2011-11-17 | CVE-2011-3380 | Network | Low | None Requ... |
| 3.6 | 2011-05-20 | CVE-2011-2147 | Local | Low | None Requ... |
| 6.5 | 2010-10-05 | CVE-2010-3753 | Network | Low | Requires ... |
| 6.5 | 2010-10-05 | CVE-2010-3752 | Network | Low | Requires ... |
| 6.5 | 2010-10-05 | CVE-2010-3308 | Network | Low | Requires ... |
| 6.5 | 2010-10-05 | CVE-2010-3302 | Network | Low | Requires ... |
| 5 | 2009-06-24 | CVE-2009-2185 | Network | Low | None Requ... |
| 5 | 2009-04-01 | CVE-2009-0790 | Network | Low | None Requ... |
| 4.4 | 2008-09-24 | CVE-2008-4190 | Local | Medium | None Requ... |
| 7.8 | 2005-11-18 | CVE-2005-3671 | Network | Low | None Requ... |
| 7.2 | 2005-01-26 | CVE-2005-0162 | Local | Low | None Requ... |
| 10 | 2004-12-06 | CVE-2004-0590 | Network | Low | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (2) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
| 22% (2) | CWE-20 | Improper Input Validation |
| 11% (1) | CWE-399 | Resource Management Errors |
| 11% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 11% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 11% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:10078 | The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6... |
| oval:org.mitre.oval:def:11171 | The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2... |
| oval:org.mitre.oval:def:11079 | The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76725 | Openswan Use-after-free Crypto Helper Handler ISAKMP Phase 1 Authentication ... |
| 76100 | Openswan pluto/ike_alg.c ike_alg_enc_ok() Function ISAKMP Message IKE Packet ... |
| 75016 | Openswan Multiple File Permissions Weakness Arbitrary File Write |
| 68393 | Openswan Client programs/pluto/xauth.c cisco_banner Field Shell Metacharacter... |
| 68392 | Openswan Client programs/pluto/xauth.c cisco_*_info Packet Shell Metacharacte... |
| 68385 | Openswan Client programs/pluto/xauth.c cisco_banner Field Remote Overflow |
| 68384 | Openswan Client programs/pluto/xauth.c cisco_*_info Data Packet Handling Remo... |
| 60992 | FreeS/WAN ISAKMP Protocol Unspecified Malformed Input Remote DoS (PROTOS) |
| 60991 | Openswan ISAKMP Protocol Unspecified Malformed Input Remote DoS (PROTOS) |
| 55421 | Openswan ASN.1 Parser Crafted X.509 Certificate Remote IKE Daemon DoS |
| 55420 | strongSwan ASN.1 Parser Crafted X.509 Certificate RDN IKE Daemon Remote DoS |
| 53209 | Openswan Pluto IKE Daemon Dead Peer Detection NULL Dereference Remote DoS |
| 53208 | strongSwan Pluto IKE Daemon Dead Peer Detection NULL Dereference Remote DoS |
| 49096 | Openswan IPSEC livetest Tool Multiple Temporary File Symlink Arbitrary File O... |
| 13195 | Openswan XAUTH/PAM get_internal_addresses() Function Remote Overflow |
| 7281 | Swan Products X.509 Certificate Validation Bypass and DoS |
Milw0rm Exploits
| id | Description |
|---|---|
| 2009-07-13 | Openswan <= 2.4.12/2.6.16 Insecure Temp File Creation Root Exploit |
ExploitDB Exploits
| id | Description |
|---|---|
| 9135 | Openswan <= 2.4.12/2.6.16 Insecure Temp File Creation Root Exploit |










