Computer Security
[EN] securityvulns.ru no-pyccku


strongswan security vulnereabilities
Published:05.11.2013
Source:
SecurityVulns ID:13386
Type:remote
Threat Level:
6/10
Description:DoS, authentication bypass.
Affected:STRONGSWAN : strongSwan 5.1
CVE:CVE-2013-6075 (The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2789-1] strongswan security update (05.11.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod