Executive Summary

Informations
Name MDVSA-2009:273 First vendor Publication 2009-10-12
Vendor Mandriva Last vendor Modification 2009-10-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability has been found and corrected in strongswan:

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string (CVE-2009-2185).

This update fixes this vulnerability.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:273

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11079
 
Oval ID: oval:org.mitre.oval:def:11079
Title: The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
Description: The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2185
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18226
 
Oval ID: oval:org.mitre.oval:def:18226
Title: DSA-1898-1 openswan - denial of service
Description: It was discovered that the pluto daemon in openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate.
Family: unix Class: patch
Reference(s): DSA-1898-1
CVE-2009-2185
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): openswan
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22909
 
Oval ID: oval:org.mitre.oval:def:22909
Title: ELSA-2009:1138: openswan security update (Important)
Description: The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
Family: unix Class: patch
Reference(s): ELSA-2009:1138-01
CVE-2009-2185
Version: 6
Platform(s): Oracle Linux 5
Product(s): openswan
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29103
 
Oval ID: oval:org.mitre.oval:def:29103
Title: RHSA-2009:1138 -- openswan security update (Important)
Description: Updated openswan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN).
Family: unix Class: patch
Reference(s): RHSA-2009:1138
CESA-2009:1138-CentOS 5
CVE-2009-2185
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openswan
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8369
 
Oval ID: oval:org.mitre.oval:def:8369
Title: DSA-1898 openswan -- denial of service
Description: It was discovered that the pluto daemon in openswan, an implementation of IPSEC and IKE, could crash when processing a crafted X.509 certificate.
Family: unix Class: patch
Reference(s): DSA-1898
CVE-2009-2185
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): openswan
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 30
Application 26

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for openswan CESA-2009:1138 centos5 i386
File : nvt/gb_CESA-2009_1138_openswan_centos5_i386.nasl
2009-10-19 Name : Mandrake Security Advisory MDVSA-2009:273 (strongswan)
File : nvt/mdksa_2009_273.nasl
2009-10-13 Name : SLES10: Security update for openswan
File : nvt/sles10_openswan0.nasl
2009-10-13 Name : SLES10: Security update for strongswan
File : nvt/sles10_strongswan1.nasl
2009-10-11 Name : SLES11: Security update for openswan
File : nvt/sles11_openswan0.nasl
2009-10-11 Name : SLES11: Security update for strongswan
File : nvt/sles11_strongswan1.nasl
2009-10-10 Name : SLES9: Security update for freeswan
File : nvt/sles9p5053980.nasl
2009-10-06 Name : Debian Security Advisory DSA 1898-1 (openswan)
File : nvt/deb_1898_1.nasl
2009-10-06 Name : Debian Security Advisory DSA 1899-1 (strongswan)
File : nvt/deb_1899_1.nasl
2009-09-15 Name : Gentoo Security Advisory GLSA 200909-05 (openswan)
File : nvt/glsa_200909_05.nasl
2009-08-17 Name : SuSE Security Summary SUSE-SR:2009:013
File : nvt/suse_sr_2009_013.nasl
2009-07-29 Name : Fedora Core 10 FEDORA-2009-7423 (openswan)
File : nvt/fcore_2009_7423.nasl
2009-07-29 Name : Fedora Core 11 FEDORA-2009-7478 (openswan)
File : nvt/fcore_2009_7478.nasl
2009-07-06 Name : RedHat Security Advisory RHSA-2009:1138
File : nvt/RHSA_2009_1138.nasl
2009-07-06 Name : CentOS Security Advisory CESA-2009:1138 (openswan)
File : nvt/ovcesa2009_1138.nasl
2009-06-30 Name : StrongSwan/Openswan Denial Of Service Vulnerability June-09
File : nvt/secpod_strongswan_n_openswan_dos_vuln_jun09.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
55421 Openswan ASN.1 Parser Crafted X.509 Certificate Remote IKE Daemon DoS

55420 strongSwan ASN.1 Parser Crafted X.509 Certificate RDN IKE Daemon Remote DoS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1138.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090702_openswan_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1898.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1899.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1138.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_openswan-6329.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_strongswan-6327.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openswan-6328.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_strongswan-090626.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_openswan-090627.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12445.nasl - Type : ACT_GATHER_INFO
2009-09-10 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200909-05.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_openswan-090627.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_strongswan-090626.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_openswan-090627.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_strongswan-090626.nasl - Type : ACT_GATHER_INFO
2009-07-13 Name : The remote Fedora host is missing a security update.
File : fedora_2009-7478.nasl - Type : ACT_GATHER_INFO
2009-07-13 Name : The remote Fedora host is missing a security update.
File : fedora_2009-7423.nasl - Type : ACT_GATHER_INFO
2009-07-03 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1138.nasl - Type : ACT_GATHER_INFO