GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Sep 09, 2009 4:26 pm Post subject: [ GLSA 200909-05 ] Openswan: Denial of Service |
 |
|
Gentoo Linux Security Advisory
Title: Openswan: Denial of Service (GLSA 200909-05)
Severity: normal
Exploitable: remote
Date: September 09, 2009
Bug(s): #264346, #275233
ID: 200909-05
Synopsis
Multiple vulnerabilities in the pluto IKE daemon of Openswan might allow
remote attackers to cause a Denial of Service.
Background
Openswan is an implementation of IPsec for Linux.
Affected Packages
Package: net-misc/openswan
Vulnerable: < 2.4.15
Unaffected: >= 2.4.15
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Openswan:
- Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer
Detection of the pluto IKE daemon as included in Openswan
(CVE-2009-0790). - The Orange Labs vulnerability research team
discovered multiple vulnerabilities in the ASN.1 parser
(CVE-2009-2185).
Impact
A remote attacker could exploit these vulnerabilities by sending
specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially
crafted X.509 certificate containing a malicious Relative Distinguished
Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial
of Service of the pluto IKE daemon.
Workaround
There is no known workaround at this time.
Resolution
All Openswan users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.15" |
References
CVE-2009-0790
CVE-2009-2185
Last edited by GLSA on Tue Jul 17, 2012 4:27 am; edited 3 times in total |
|
News & Announcements
