Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:BSA-086:011D5
HistoryDec 04, 2013 - 12:16 p.m.

[BSA-086] Security update for strongswan

2013-12-0412:16:51
lists.debian.org
14

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Updated strongswan packages for squeeze-backports and wheezy-backports
fix the following vulnerabilities:

  • CVE-2013-2944: When using the openssl plugin for ECDSA based
    authentication, an empty, zeroed or otherwise invalid signature is
    handled as a legitimate one.

  • CVE-2013-6075: DoS vulnerability and potential authorization bypass
    triggered by a crafted ID_DER_ASN1_DN ID payload.

  • CVE-2013-6076: DoS vulnerability triggered by crafted IKEv1
    fragmentation payloads.

The squeeze-backports distribution was affected by CVE-2013-2944 and
CVE-2013-6075. These problems have been fixed in version
4.5.2-1.5+deb7u2~bpo60+1.

The wheezy-backports distribution was affected by CVE-2013-6075 and
CVE-2013-6076. These problems have been fixed in version
5.1.0-3~bpo70+1.


Romain Francoise <[email protected]>
http://people.debian.org/~rfrancoise/

Related

openvas 24
fedora 7
nessus 16
freebsd 2
altlinux 3
debiancve 3
cvelist 3
prion 3
securityvulns 4
cve 3
ubuntucve 3
debian 2
gentoo 1
openvas
openvas
Fedora Update for strongswan FEDORA-2014-0567
2014-01-27 00:00:00
Fedora Update for strongswan FEDORA-2014-0567
2014-01-27 00:00:00
Fedora Update for strongswan FEDORA-2014-0516
2014-02-03 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: strongswan-5.1.1-4.fc19
2014-01-25 02:26:05
[SECURITY] Fedora 20 Update: strongswan-5.1.1-4.fc20
2014-01-25 02:27:03
[SECURITY] Fedora 19 Update: strongswan-5.1.3-1.fc19
2014-04-24 07:41:29
nessus
nessus
Fedora 20 : strongswan-5.1.1-4.fc20 (2014-0516)
2014-01-27 00:00:00
Fedora 19 : strongswan-5.1.1-4.fc19 (2014-0567)
2014-01-27 00:00:00
FreeBSD : strongswan -- multiple DoS vulnerabilities (efa663eb-8754-11e3-9a47-00163e1ed244)
2014-01-28 00:00:00
freebsd
freebsd
strongswan -- multiple DoS vulnerabilities
2013-11-01 00:00:00
strongSwan -- ECDSA signature verification issue
2013-04-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package strongswan version 5.0.4-alt1
2013-04-30 00:00:00
Security fix for the ALT Linux 5 package strongswan version 4.3.7-alt1.M51.1
2013-04-30 00:00:00
Security fix for the ALT Linux 6 package strongswan version 4.6.4-alt1.M60T.1
2013-04-30 00:00:00
debiancve
debiancve
CVE-2013-6076
2013-11-02 18:55:00
CVE-2013-2944
2013-05-02 14:55:00
CVE-2013-6075
2013-11-02 18:55:00
cvelist
cvelist
CVE-2013-6076
2022-10-03 16:14:50
CVE-2013-2944
2013-05-02 14:00:00
CVE-2013-6075
2022-10-03 16:14:50
prion
prion
Code injection
2013-05-02 14:55:00
Null pointer dereference
2013-11-02 18:55:00
Null pointer dereference
2013-11-02 18:55:00
securityvulns
securityvulns
strongSwan privilege escalation
2013-05-04 00:00:00
[SECURITY] [DSA 2789-1] strongswan security update
2013-11-05 00:00:00
strongswan security vulnereabilities
2013-11-05 00:00:00
cve
cve
CVE-2013-2944
2013-05-02 14:55:00
CVE-2013-6076
2013-11-02 18:55:00
CVE-2013-6075
2013-11-02 18:55:00
ubuntucve
ubuntucve
CVE-2013-6076
2013-11-02 00:00:00
CVE-2013-2944
2013-05-02 00:00:00
CVE-2013-6075
2013-11-02 00:00:00
debian
debian
[SECURITY] [DSA 2789-1] strongswan security update
2013-11-01 12:21:11
[SECURITY] [DSA 2665-1] strongswan security update
2013-04-30 14:52:27
gentoo
gentoo
strongSwan: Multiple vulnerabilities
2013-09-01 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON
Related for DEBIAN:BSA-086:011D5
openvas24fedora7nessus16freebsd2altlinux3debiancve3cvelist3prion3securityvulns4cve3ubuntucve3debian2gentoo1