PT-2019-11601 · Libreswan+2 · Libreswan+2

Publicado

2019-06-12

Atualizado

2020-09-30

CVE-2019-10155

CVSS v2.0

3.5

Baixa

Vetor

AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: Libreswan versions prior to 3.29

Description: A vulnerability was found in the processing of IKEv1 informational exchange packets. These packets are encrypted and integrity protected using the established IKE SA encryption and integrity keys. However, as a receiver, the integrity check value was not verified.

Recommendations: For versions prior to 3.29, update to version 3.29 or later to resolve the issue. As a temporary workaround, consider restricting the use of IKEv1 informational exchange packets until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-354

Identificadores relacionados

CESA-2019_3391

CVE-2019-10155

MGASA-2019-0210

RHSA-2019:3391

RHSA-2019_3391

Produtos afetados

Centos

Libreswan

Red Hat

PT-2019-11601 · Libreswan+2 · Libreswan+2

CVE-2019-10155

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21