StrongSwan/Openswan Denial Of Service Vulnerability June-09

Summary
The host is installed with strongSwan/Openswan and is prone to a denial of service vulnerability.
Impact
Successful exploitation will allow an attacker to crash the pluto IKE daemon.
Impact Level: Application
Solution
Upgrade to Openswan version 2.6.22 or 2.4.15: http://www.openswan.org/code
Upgrade to strongSwan version 2.8.10, 4.2.16 or 4.3.2: http://www.strongswan.org/
Insight
- An error in the ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, and libstrongswan/asn1/asn1_parser.c) can be triggered via an X.509 certificate with crafted Relative Distinguished Names (RDNs), a crafted UTCTIME string, or a crafted GENERALIZEDTIME string.
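The advisory carries no code. As an added illustration (not strongSwan's or Openswan's code, and not the vendors' patch), the C validator below shows the length-first checking an ASN.1 TIME parser needs so that a crafted UTCTIME or GENERALIZEDTIME string is rejected instead of being read past its buffer; the fixed 13-byte and 15-byte formats are the RFC 5280 profile for X.509 validity times, and the function and struct names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>

/* Decoded fields of an X.509 validity time. */
struct asn1_time {
    int year, month, day, hour, minute, second;
};

/* Read exactly n ASCII digits at buf[pos .. pos+n). Fails on any non-digit
 * and never reads beyond len, whatever the caller asked for. */
static bool read_digits(const unsigned char *buf, size_t len,
                        size_t pos, size_t n, int *out)
{
    int v = 0;
    if (pos + n > len) return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = buf[pos + i];
        if (c < '0' || c > '9') return false;
        v = v * 10 + (c - '0');
    }
    *out = v;
    return true;
}

/* Strict parser for the content octets of a TIME value, after the ASN.1 tag
 * and length have been decoded: UTCTIME must be YYMMDDHHMMSSZ (13 bytes),
 * GENERALIZEDTIME must be YYYYMMDDHHMMSSZ (15 bytes). The length is compared
 * with the expected size before any field is touched, so truncated, padded or
 * mis-typed strings are rejected up front. Returns true and fills *t on success. */
bool parse_x509_time(const unsigned char *buf, size_t len,
                     bool generalized, struct asn1_time *t)
{
    size_t year_digits = generalized ? 4 : 2;
    size_t expected = generalized ? 15 : 13;
    size_t pos = 0;
    if (buf == NULL || t == NULL || len != expected) return false;
    if (!read_digits(buf, len, pos, year_digits, &t->year)) return false;
    pos += year_digits;
    if (!read_digits(buf, len, pos, 2, &t->month) || t->month < 1 || t->month > 12) return false;
    pos += 2;
    if (!read_digits(buf, len, pos, 2, &t->day) || t->day < 1 || t->day > 31) return false;
    pos += 2;
    if (!read_digits(buf, len, pos, 2, &t->hour) || t->hour > 23) return false;
    pos += 2;
    if (!read_digits(buf, len, pos, 2, &t->minute) || t->minute > 59) return false;
    pos += 2;
    if (!read_digits(buf, len, pos, 2, &t->second) || t->second > 59) return false;
    pos += 2;
    if (buf[pos] != 'Z') return false;  /* pos == len-1 here, still in bounds */
    /* RFC 5280: two-digit years 50..99 mean 1950..1999, 00..49 mean 2000..2049 */
    if (!generalized) t->year += (t->year >= 50) ? 1900 : 2000;
    return true;
}
```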
Affected
Openswan version 2.6 before 2.6.22 and 2.4 before 2.4.15
strongSwan version 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2
References