PT-2009-1017 · Strongswan+2
Published 2009-06-24 · Updated 2019-07-29 · CVE-2009-2185
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Openswan versions 2.6.14 through 2.6.21
Openswan versions 2.4 through 2.4.14
strongSwan versions 2.8 through 2.8.9
strongSwan versions 4.2 through 4.2.15
strongSwan versions 4.3 through 4.3.1
Description
The vulnerability is in the ASN.1 parser of the affected software and can be exploited remotely to cause a denial of service, specifically a crash of the pluto IKE daemon. The crash can be triggered by an X.509 certificate with crafted Relative Distinguished Names (RDNs), a crafted UTCTIME string, or a crafted GENERALIZEDTIME string. Exploitation can lead to a disruption in the availability of protected information.
Recommendations
For Openswan versions 2.6.14 through 2.6.21, update to version 2.6.22 or later.
For Openswan versions 2.4 through 2.4.14, update to version 2.4.15 or later.
For strongSwan versions 2.8 through 2.8.9, update to version 2.8.10 or later.
For strongSwan versions 4.2 through 4.2.15, update to version 4.2.16 or later.
For strongSwan versions 4.3 through 4.3.1, update to version 4.3.2 or later.
As a temporary workaround, consider restricting access to the ASN.1 parser or disabling the pluto IKE daemon until a patch is available.
Fix
DoS
RCE
Affected Products
Red Hat
Openswan
Strongswan