Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200909-05
HistorySep 09, 2009 - 12:00 a.m.

Openswan: Denial of service

2009-09-0900:00:00
Gentoo Foundation
security.gentoo.org
7

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.834 High

EPSS

Percentile

98.4%

JSON

Background

Openswan is an implementation of IPsec for Linux.

Description

Multiple vulnerabilities have been discovered in Openswan:

  • Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan (CVE-2009-0790).
  • The Orange Labs vulnerability research team discovered multiple vulnerabilities in the ASN.1 parser (CVE-2009-2185).

Impact

A remote attacker could exploit these vulnerabilities by sending specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially crafted X.509 certificate containing a malicious Relative Distinguished Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial of Service of the pluto IKE daemon.

Workaround

There is no known workaround at this time.

Resolution

All Openswan users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.15"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/openswan<Β 2.4.15UNKNOWN

Related

nessus 34
fedora 2
openvas 54
veracode 2
altlinux 3
debiancve 3
prion 3
seebug 1
oraclelinux 2
centos 2
debian 4
securityvulns 4
redhat 2
ubuntucve 3
cve 3
checkpoint_advisories 1
osv 2
nessus
nessus
Fedora 10 : openswan-2.6.21-2.fc10 (2009-7423)
2009-07-13 00:00:00
GLSA-200909-05 : Openswan: Denial of Service
2009-09-10 00:00:00
openSUSE Security Update : openswan (openswan-1052)
2009-07-21 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: openswan-2.6.21-2.fc10
2009-07-11 16:56:13
[SECURITY] Fedora 11 Update: openswan-2.6.21-5.fc11
2009-07-11 17:19:09
openvas
openvas
Fedora Core 10 FEDORA-2009-7423 (openswan)
2009-07-29 00:00:00
Gentoo Security Advisory GLSA 200909-05 (openswan)
2009-09-15 00:00:00
Gentoo Security Advisory GLSA 200909-05 (openswan)
2009-09-15 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:34:41
Denial Of Service (DoS)
2020-04-10 00:31:21
altlinux
altlinux
Security fix for the ALT Linux 7 package strongswan version 4.2.14-alt1
2009-05-13 00:00:00
Security fix for the ALT Linux 5 package strongswan version 4.2.14-alt1
2009-05-13 00:00:00
Security fix for the ALT Linux 6 package strongswan version 4.2.14-alt1
2009-05-13 00:00:00
debiancve
debiancve
CVE-2009-0790
2009-04-01 10:30:00
CVE-2009-2185
2009-06-25 02:00:00
CVE-2009-2661
2009-08-04 16:30:00
prion
prion
Null pointer dereference
2009-04-01 10:30:00
Code injection
2009-06-25 02:00:00
Design/Logic Flaw
2009-08-04 16:30:00
seebug
seebug
Openswanε’ŒstrongSwan DPDζŠ₯ζ–‡θΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž
2009-04-01 00:00:00
oraclelinux
oraclelinux
openswan security update
2009-07-02 00:00:00
openswan security update
2009-03-30 00:00:00
centos
centos
openswan security update
2009-07-02 23:46:08
openswan security update
2009-04-09 10:33:25
debian
debian
[SECURITY] [DSA 1898-1] New openswan packages fix denial of service
2009-10-02 18:25:39
[SECURITY] [DSA 1759-1] New strongswan packages fix denial of service
2009-03-30 23:49:22
[SECURITY] [DSA 1760-1] New openswan packages fix denial of service
2009-03-30 23:49:43
securityvulns
securityvulns
CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan &amp; Strongswan IPsec
2009-04-01 00:00:00
Openswan / Strongswan DoS
2009-04-01 00:00:00
OpenSwan / StrongSwan multiple security vulnerabilities
2009-10-03 00:00:00
redhat
redhat
(RHSA-2009:1138) Important: openswan security update
2009-07-02 00:00:00
(RHSA-2009:0402) Important: openswan security update
2009-03-30 00:00:00
ubuntucve
ubuntucve
CVE-2009-2185
2009-06-25 00:00:00
CVE-2009-0790
2009-04-01 00:00:00
CVE-2009-2661
2009-08-04 00:00:00
cve
cve
CVE-2009-2185
2009-06-25 02:00:00
CVE-2009-0790
2009-04-01 10:30:00
CVE-2009-2661
2009-08-04 16:30:00
checkpoint_advisories
checkpoint_advisories
OpenSwan and StrongSwan DPD Packet Remote Denial of Service - Ver2 (CVE-2009-0790)
2014-03-31 00:00:00
osv
osv
openswan - denial of service
2009-03-30 00:00:00
strongswan - denial of service
2009-10-02 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.834 High

EPSS

Percentile

98.4%

JSON
Related for GLSA-200909-05
nessus34fedora2openvas54veracode2altlinux3debiancve3prion3seebug1oraclelinux2centos2debian4securityvulns4redhat2ubuntucve3cve3checkpoint_advisories1osv2