Executive Summary
Summary | |
---|---|
Title | strongswan security update |
Informations | |||
---|---|---|---|
Name | DSA-3866 | First vendor Publication | 2017-05-30 |
Vendor | Debian | Last vendor Modification | 2017-05-30 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. CVE-2017-9022 RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. CVE-2017-9023 ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate. A fix for a build failure was additionally included in the 5.2.1-6+deb8u4 revision of the strongSwan package. For the stable distribution (jessie), these problems have been fixed in version 5.2.1-6+deb8u3. For the upcoming stable distribution (stretch), these problems have been fixed in version 5.5.1-4 For the unstable distribution (sid), these problems have been fixed in version 5.5.1-4. We recommend that you upgrade your strongswan packages. |
Original Source
Url : http://www.debian.org/security/2017/dsa-3866 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-08-17 | Name : The remote PhotonOS host is missing multiple security updates. File : PhotonOS_PHSA-2018-1_0-0126.nasl - Type : ACT_GATHER_INFO |
2017-07-20 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_c7e8e9556c6111e79b012047478f2f70.nasl - Type : ACT_GATHER_INFO |
2017-07-20 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e6ccaf8a6c6311e79b012047478f2f70.nasl - Type : ACT_GATHER_INFO |
2017-06-02 | Name : The remote Debian host is missing a security update. File : debian_DLA-973.nasl - Type : ACT_GATHER_INFO |
2017-06-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-1471-1.nasl - Type : ACT_GATHER_INFO |
2017-06-02 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2017-1473-1.nasl - Type : ACT_GATHER_INFO |
2017-05-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3866.nasl - Type : ACT_GATHER_INFO |
2017-05-31 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3301-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-06-21 21:24:10 |
|
2017-06-09 00:24:19 |
|
2017-06-01 13:24:59 |
|
2017-05-30 17:21:40 |
|