Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201603-13
HistoryMar 12, 2016 - 12:00 a.m.

Libreswan: Multiple Vulnerabilities

2016-03-1200:00:00
Gentoo Foundation
security.gentoo.org
10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.045 Low

EPSS

Percentile

92.6%

JSON

Background

Libreswan is a free software implementation of the most widely supported and standarized VPN protocol based on (“IPsec”) and the Internet Key Exchange (“IKE”).

Description

The pluto IKE daemon in Libreswan, when built with NSS, allows remote attackers to cause a Denial of Service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet. Additionally, remote attackers could cause a Denial of Service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK.

Impact

Remote attackers could possibly cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Libreswan users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/libreswan-3.15"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/libreswan< 3.15UNKNOWN

Related

nessus 14
openvas 10
cve 2
debiancve 2
cvelist 2
ubuntucve 1
oraclelinux 2
centos 2
redhat 2
prion 2
nvd 2
fedora 3
nessus
nessus
GLSA-201603-13 : Libreswan: Multiple Vulnerabilities
2016-03-14 00:00:00
RHEL 7 : libreswan (RHSA-2015:1979)
2015-11-05 00:00:00
CentOS 7 : libreswan (CESA-2015:1979)
2015-11-04 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201603-13
2016-03-14 00:00:00
RedHat Update for libreswan RHSA-2015:1979-01
2015-11-05 00:00:00
CentOS Update for libreswan CESA-2015:1979 centos7
2015-11-05 00:00:00
cve
cve
CVE-2015-3240
2015-11-09 16:59:01
CVE-2015-3204
2015-07-01 14:59:08
debiancve
debiancve
CVE-2015-3240
2015-11-09 16:59:01
CVE-2015-3204
2015-07-01 14:59:08
cvelist
cvelist
CVE-2015-3240
2015-11-09 16:00:00
CVE-2015-3204
2015-07-01 14:00:00
ubuntucve
ubuntucve
CVE-2015-3240
2015-11-09 00:00:00
oraclelinux
oraclelinux
libreswan security and enhancement update
2015-11-03 00:00:00
libreswan security, bug fix and enhancement update
2015-06-23 00:00:00
centos
centos
libreswan security update
2015-11-03 21:50:51
libreswan security update
2015-06-24 03:33:57
redhat
redhat
(RHSA-2015:1979) Moderate: libreswan security and enhancement update
2015-11-03 19:22:20
(RHSA-2015:1154) Moderate: libreswan security, bug fix and enhancement update
2015-06-23 00:00:00
prion
prion
Code injection
2015-11-09 16:59:00
Code injection
2015-07-01 14:59:00
nvd
nvd
CVE-2015-3240
2015-11-09 16:59:01
CVE-2015-3204
2015-07-01 14:59:08
fedora
fedora
[SECURITY] Fedora 21 Update: libreswan-3.13-1.fc21
2015-06-10 19:08:51
[SECURITY] Fedora 22 Update: libreswan-3.13-1.fc22
2015-06-10 19:11:55
[SECURITY] Fedora 20 Update: libreswan-3.13-1.fc20
2015-06-14 17:24:32

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.045 Low

EPSS

Percentile

92.6%

JSON
Related for GLSA-201603-13
nessus14openvas10cve2debiancve2cvelist2ubuntucve1oraclelinux2centos2redhat2prion2nvd2fedora3