AmazonALAS-2014-303Medium: openswan
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.024 Low
EPSS
Percentile
89.7%
Issue Overview:
A NULL pointer dereference flaw was discovered in the way Openswan’s IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped. (CVE-2013-6466)
Affected Packages:
openswan
Issue Correction:
Run yum update openswan to update your system.
New Packages:
i686:
openswan-2.6.37-3.17.amzn1.i686
openswan-debuginfo-2.6.37-3.17.amzn1.i686
openswan-doc-2.6.37-3.17.amzn1.i686
src:
openswan-2.6.37-3.17.amzn1.src
x86_64:
openswan-doc-2.6.37-3.17.amzn1.x86_64
openswan-debuginfo-2.6.37-3.17.amzn1.x86_64
openswan-2.6.37-3.17.amzn1.x86_64
Additional References
Red Hat: CVE-2013-6466
Mitre: CVE-2013-6466
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | openswan | < 2.6.37-3.17.amzn1 | openswan-2.6.37-3.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openswan-debuginfo | < 2.6.37-3.17.amzn1 | openswan-debuginfo-2.6.37-3.17.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | openswan-doc | < 2.6.37-3.17.amzn1 | openswan-doc-2.6.37-3.17.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | openswan-doc | < 2.6.37-3.17.amzn1 | openswan-doc-2.6.37-3.17.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openswan-debuginfo | < 2.6.37-3.17.amzn1 | openswan-debuginfo-2.6.37-3.17.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | openswan | < 2.6.37-3.17.amzn1 | openswan-2.6.37-3.17.amzn1.x86_64.rpm |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.024 Low
EPSS
Percentile
89.7%