StrongSwan Denial Of Service Vulnerability - Aug09 Network Vulnerability

Summary

This host has strongSwan and is prone to Denial of Service Vulnerability.

Impact

Successful exploitation allows attackers to crash pluto IKE daemon, corrupt memory and can cause denial of service. Impact Level: Application

Solution

Upgrade to version 2.8.11, 4.2.17, and 4.3.3 or apply patches. http://download.strongswan.org/patches/ http://www.strongswan.org/download.htm ***** NOTE: Ignore this warning if above mentioned patch is already applied. *****

Insight

The flaw is due to an error in 'asn1_length()' function in the 'libstrongswan/asn1/asn1.c' script. It does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs).

Affected

strongSwan version 2.8 before 2.8.11, 4.2 before 4.2.17 and 4.3 before 4.3.3

References

http://en.securitylab.ru/nvd/383254.php
http://www.openwall.com/lists/oss-security/2009/07/27/1

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2661
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
EtherApe RPC Packet Processing Denial of Service Vulnerability
Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)

strongSwan Denial Of Service Vulnerability - Aug09

Take action and discover your vulnerabilities