Summary
The host is installed with strongSwan/Openswan and is prone to Denial of Service vulnerability.
Impact
Successful exploitation will allow attacker to cause pluto IKE daemon crash.
Impact Level: Application
Solution
Upgrade to OpenSwan version 2.6.22 or 2.4.15
http://www.openswan.org/code
Upgrade to strongSwan version 2.8.10 or 4.2.16 or 4.3.2 http://www.strongswan.org/
Insight
- Error in 'ASN.1' parser in pluto/asn1.c, libstrongswan/asn1/asn1.c, and libstrongswan/asn1/asn1_parser.c is caused via an 'X.509' certificate with crafted Relative Distinguished Names (RDNs), a crafted UTCTIME string, or a crafted GENERALIZEDTIME string.
Affected
OpenSwan version 2.6 before 2.6.22 and 2.4 before 2.4.15 strongSwan version 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-2185 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- FreeRADIUS Tunnel-Password Denial Of Service Vulnerability
- Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
- eZ/eZphotoshare Denial of Service
- Adobe Flash Media Server Remote Denial of Service Vulnerability (August-2011)
- Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities