PT-2009-5057 · Strongswan · Strongswan

Ludwig Nussel

Published

2009-08-04

Updated

2009-11-24

CVE-2009-2661

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions strongSwan versions 2.8 through 2.8.10 strongSwan versions 4.2 through 4.2.16 strongSwan versions 4.3 through 4.3.2

Description The issue arises from improper handling of X.509 certificates with crafted Relative Distinguished Names (RDNs) by the asn1 length function. This allows remote attackers to cause a denial of service, specifically a crash of the pluto IKE daemon, via malformed ASN.1 data.

Recommendations For strongSwan versions 2.8 through 2.8.10, update to version 2.8.11 or later. For strongSwan versions 4.2 through 4.2.16, update to version 4.2.17 or later. For strongSwan versions 4.3 through 4.3.2, update to version 4.3.3 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2009-2661

DSA-1899-1

Affected Products

Strongswan

PT-2009-5057 · Strongswan · Strongswan

CVE-2009-2661

Weakness Enumeration

Related Identifiers

Affected Products

References · 14