Computer Security


Openswan / Strongswan security vulnerabilities
updated since 07.04.2014
Published: 07.05.2014
Source:
SecurityVulns ID: 13670
Type: remote
Threat Level: 7/10
Description: Buffer overflow, DoS, protection bypass.
Affected: OPENSWAN: Openswan 2.6
 STRONGSWAN: strongSwan 5.1
CVE: CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.)
 CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.)
 CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.)
 CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.)
Original document: DEBIAN, [SECURITY] [DSA 2922-1] strongswan security update (07.05.2014)
 DEBIAN, [SECURITY] [DSA 2903-1] strongswan security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2893-1] openswan security update (07.04.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod