Lucene search

K
gentooGentoo FoundationGLSA-201411-07
HistoryNov 23, 2014 - 12:00 a.m.

Openswan: Denial of service

2014-11-2300:00:00
Gentoo Foundation
security.gentoo.org
11

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%

Background

Openswan is an implementation of IPsec for Linux.

Description

A NULL pointer dereference has been found in Openswan.

Impact

A remote attacker could create a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

Gentoo has discontinued support for Openswan. We recommend that users unmerge Openswan:

 # emerge --unmerge "net-misc/openswan"

NOTE: The Gentoo developer(s) maintaining Openswan have discontinued support at this time. It may be possible that a new Gentoo developer will update Openswan at a later date. Alternatives packages such as Libreswan and strongSwan are currently available in Gentoo Portage.

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/openswan<=Β 2.6.39-r1UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.7%