PT-2011-1145 · Openswan+1 · Openswan+1

Published: 2011-10-05 · Updated: 2019-07-29 · CVE-2011-3380

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Openswan versions 2.6.29 through 2.6.35

Description: The issue allows remote attackers to cause a denial of service, leading to a disruption in the confidentiality, integrity, and availability of protected information. This can be achieved through an ISAKMP message with an invalid KEY LENGTH attribute, which is not properly handled by the error handling function.

Recommendations: For Openswan versions 2.6.29 through 2.6.35, consider applying a patch or update that properly handles the KEY LENGTH attribute in ISAKMP messages to prevent the denial of service. As a temporary workaround, restrict access to the pluto IKE daemon to minimize the risk of exploitation.


Related identifiers

BDU:2015-07486
BDU:2015-07487
BDU:2015-07488
CVE-2011-3380
RHSA-2011:1356
RHSA-2011_1356

Affected products

Openswan
Red Hat