5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Updated strongswan packages for squeeze-backports and wheezy-backports
fix the following vulnerabilities:
CVE-2013-2944: When using the openssl plugin for ECDSA based
authentication, an empty, zeroed or otherwise invalid signature is
handled as a legitimate one.
CVE-2013-6075: DoS vulnerability and potential authorization bypass
triggered by a crafted ID_DER_ASN1_DN ID payload.
CVE-2013-6076: DoS vulnerability triggered by crafted IKEv1
fragmentation payloads.
The squeeze-backports distribution was affected by CVE-2013-2944 and
CVE-2013-6075. These problems have been fixed in version
4.5.2-1.5+deb7u2~bpo60+1.
The wheezy-backports distribution was affected by CVE-2013-6075 and
CVE-2013-6076. These problems have been fixed in version
5.1.0-3~bpo70+1.
–
Romain Francoise <[email protected]>
http://people.debian.org/~rfrancoise/