Summary
This host has strongSwan and is prone to Denial of Service Vulnerability.
Impact
Successful exploitation allows attackers to crash pluto IKE daemon, corrupt memory and can cause denial of service.
Impact Level: Application
Solution
Upgrade to version 2.8.11, 4.2.17, and 4.3.3 or apply patches.
http://download.strongswan.org/patches/
http://www.strongswan.org/download.htm
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
Insight
The flaw is due to an error in 'asn1_length()' function in the 'libstrongswan/asn1/asn1.c' script. It does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs).
Affected
strongSwan version 2.8 before 2.8.11, 4.2 before 4.2.17 and 4.3 before 4.3.3
References
Severity
Classification
-
CVE CVE-2009-2661 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities