Executive Summary
Summary | |
---|---|
Title | New strongswan packages fix denial of service |
Informations | |||
---|---|---|---|
Name | DSA-1899 | First vendor Publication | 2009-10-02 |
Vendor | Debian | Last vendor Modification | 2009-10-02 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1957 CVE-2009-1958 The charon daemon can crash when processing certain crafted IKEv2 packets. (The old stable distribution (etch) was not affected by these two problems because it lacks IKEv2 support.) CVE-2009-2185 CVE-2009-2661 The pluto daemon could crash when processing a crafted X.509 certificate. For the old stable distribution (etch), these problems have been fixed in version 2.8.0+dfsg-1+etch2. For the stable distribution (lenny), these problems have been fixed in version 4.2.4-5+lenny3. For the unstable distribution (sid), these problems have been fixed in version 4.3.2-1.1. We recommend that you upgrade your strongswan packages. |
Original Source
Url : http://www.debian.org/security/2009/dsa-1899 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
25 % | CWE-310 | Cryptographic Issues |
25 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11079 | |||
Oval ID: | oval:org.mitre.oval:def:11079 | ||
Title: | The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. | ||
Description: | The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-2185 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13577 | |||
Oval ID: | oval:org.mitre.oval:def:13577 | ||
Title: | DSA-1899-1 strongswan -- several | ||
Description: | Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1957 CVE-2009-1958 The charon daemon can crash when processing certain crafted IKEv2 packets. CVE-2009-2185 CVE-2009-2661 The pluto daemon could crash when processing a crafted X.509 certificate. For the old stable distribution, these problems have been fixed in version 2.8.0+dfsg-1+etch2. For the stable distribution, these problems have been fixed in version 4.2.4-5+lenny3. For the unstable distribution, these problems have been fixed in version 4.3.2-1.1. We recommend that you upgrade your strongswan packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1899-1 CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | strongswan |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18226 | |||
Oval ID: | oval:org.mitre.oval:def:18226 | ||
Title: | DSA-1898-1 openswan - denial of service | ||
Description: | It was discovered that the pluto daemon in openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1898-1 CVE-2009-2185 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | openswan |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22909 | |||
Oval ID: | oval:org.mitre.oval:def:22909 | ||
Title: | ELSA-2009:1138: openswan security update (Important) | ||
Description: | The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1138-01 CVE-2009-2185 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | openswan |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29103 | |||
Oval ID: | oval:org.mitre.oval:def:29103 | ||
Title: | RHSA-2009:1138 -- openswan security update (Important) | ||
Description: | Updated openswan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1138 CESA-2009:1138-CentOS 5 CVE-2009-2185 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openswan |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8047 | |||
Oval ID: | oval:org.mitre.oval:def:8047 | ||
Title: | DSA-1899 strongswan -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems: The charon daemon can crash when processing certain crafted IKEv2 packets. (The old stable distribution (etch) was not affected by these two problems because it lacks IKEv2 support.) The pluto daemon could crash when processing a crafted X.509 certificate. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1899 CVE-2009-1957 CVE-2009-1958 CVE-2009-2185 CVE-2009-2661 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | strongswan |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8369 | |||
Oval ID: | oval:org.mitre.oval:def:8369 | ||
Title: | DSA-1898 openswan -- denial of service | ||
Description: | It was discovered that the pluto daemon in openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1898 CVE-2009-2185 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | openswan |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for openswan CESA-2009:1138 centos5 i386 File : nvt/gb_CESA-2009_1138_openswan_centos5_i386.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:273 (strongswan) File : nvt/mdksa_2009_273.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan0.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan2.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan1.nasl |
2009-10-13 | Name : SLES10: Security update for openswan File : nvt/sles10_openswan0.nasl |
2009-10-13 | Name : SLES10: Security update for openswan File : nvt/sles10_openswan.nasl |
2009-10-11 | Name : SLES11: Security update for strongswan File : nvt/sles11_strongswan2.nasl |
2009-10-11 | Name : SLES11: Security update for strongswan File : nvt/sles11_strongswan1.nasl |
2009-10-11 | Name : SLES11: Security update for strongswan File : nvt/sles11_strongswan0.nasl |
2009-10-11 | Name : SLES11: Security update for openswan File : nvt/sles11_openswan1.nasl |
2009-10-11 | Name : SLES11: Security update for openswan File : nvt/sles11_openswan0.nasl |
2009-10-10 | Name : SLES9: Security update for freeswan File : nvt/sles9p5059240.nasl |
2009-10-10 | Name : SLES9: Security update for freeswan File : nvt/sles9p5053980.nasl |
2009-10-06 | Name : Debian Security Advisory DSA 1898-1 (openswan) File : nvt/deb_1898_1.nasl |
2009-10-06 | Name : Debian Security Advisory DSA 1899-1 (strongswan) File : nvt/deb_1899_1.nasl |
2009-09-15 | Name : Gentoo Security Advisory GLSA 200909-05 (openswan) File : nvt/glsa_200909_05.nasl |
2009-08-17 | Name : SuSE Security Summary SUSE-SR:2009:013 File : nvt/suse_sr_2009_013.nasl |
2009-08-06 | Name : strongSwan Denial Of Service Vulnerability - Aug09 File : nvt/gb_strongswan_dos_vuln_aug09.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-7423 (openswan) File : nvt/fcore_2009_7423.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-7478 (openswan) File : nvt/fcore_2009_7478.nasl |
2009-07-06 | Name : RedHat Security Advisory RHSA-2009:1138 File : nvt/RHSA_2009_1138.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-07-06 | Name : CentOS Security Advisory CESA-2009:1138 (openswan) File : nvt/ovcesa2009_1138.nasl |
2009-06-30 | Name : StrongSwan/Openswan Denial Of Service Vulnerability June-09 File : nvt/secpod_strongswan_n_openswan_dos_vuln_jun09.nasl |
2009-06-19 | Name : strongSwan IKE_SA_INIT and IKE_AUTH DoS Vulnerabilities File : nvt/gb_strongswan_mult_dos_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55421 | Openswan ASN.1 Parser Crafted X.509 Certificate Remote IKE Daemon DoS |
55420 | strongSwan ASN.1 Parser Crafted X.509 Certificate RDN IKE Daemon Remote DoS |
55047 | strongSwan charon Daemon charon/sa/tasks/child_create.c IKE_AUTH Request Hand... |
55046 | strongSwan charon Daemon charon/sa/ike_sa.c IKE_SA_INIT Request Handling DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1138.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090702_openswan_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_strongswan-6529.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1898.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1899.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1138.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_openswan-6481.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_openswan-6329.nasl - Type : ACT_GATHER_INFO |
2009-09-25 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12503.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_strongswan-090626.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_strongswan-090608.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openswan-090909.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_openswan-090627.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_strongswan-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openswan-6328.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openswan-6478.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_strongswan-6286.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12445.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_strongswan-6327.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_strongswan-6480.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_strongswan-090906.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_openswan-090909.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_openswan-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_strongswan-090908.nasl - Type : ACT_GATHER_INFO |
2009-09-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200909-05.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_strongswan-090626.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_strongswan-090608.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_openswan-090627.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_strongswan-090626.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_strongswan-090608.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_openswan-090627.nasl - Type : ACT_GATHER_INFO |
2009-07-13 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7423.nasl - Type : ACT_GATHER_INFO |
2009-07-13 | Name : The remote Fedora host is missing a security update. File : fedora_2009-7478.nasl - Type : ACT_GATHER_INFO |
2009-07-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1138.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:28:52 |
|