PT-2015-6117 · Libreswan+4 · Libreswan+4

Paul Wouters

Publicado

2015-11-03

Atualizado

2023-02-13

CVE-2015-3240

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions libreswan versions prior to 3.15 Openswan versions prior to 2.6.45

Description The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and daemon restart. This occurs when a zero DH g^x value is present in a KE payload within an IKE packet. The affected software must be built with NSS for this issue to be exploitable.

Recommendations For libreswan versions prior to 3.15, update to version 3.15 or later. For Openswan versions prior to 2.6.45, update to version 2.6.45 or later.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CESA-2015_1979

CVE-2015-3240

RHSA-2015:1979

RHSA-2015_1979

Produtos afetados

Centos

Nss

Openswan

Red Hat

Libreswan

PT-2015-6117 · Libreswan+4 · Libreswan+4

CVE-2015-3240

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17