Summary
This host has strongSwan and is prone to Denial of Service Vulnerability.
Impact
Successful exploitation allows attackers to crash pluto IKE daemon, corrupt memory and can cause denial of service.
Impact Level: Application
Solution
Upgrade to version 2.8.11, 4.2.17, and 4.3.3 or apply patches.
http://download.strongswan.org/patches/
http://www.strongswan.org/download.htm
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Insight
The flaw is due to an error in 'asn1_length()' function in the 'libstrongswan/asn1/asn1.c' script. It does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs).
Affected
strongSwan version 2.8 before 2.8.11, 4.2 before 4.2.17 and 4.3 before 4.3.3
References
Severity
Classification
-
CVE CVE-2009-2661 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
- ejabberd 'mod_pubsub' Module Denial of Service Vulnerability
- EtherApe RPC Packet Processing Denial of Service Vulnerability
- Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability
- Firebird SQL 'op_connect_request' Denial Of Service Vulnerability (Win)