4 matches found
SuSE 10 Security Update : strongswan (ZYPP Patch Number 5693)
This update of strongswan fixes a denial of service problem that occurs while parsing a IKESAINIT message dursing key exchange. This allows an remote attacker to crash the daemon. CVE-2008-4551 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...
openSUSE Security Update : strongswan (strongswan-255)
This update of strongswan fixes a denial of service problem that occurs while parsing a IKESAINIT message dursing key exchange. This allows an remote attacker to crash the daemon. CVE-2008-4551 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
CVE-2008-4551
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...
CVE-2008-4551
Concrete details: CVE-2008-4551 affects strongSwan 4.2.6 and earlier. The vulnerability is a denial of service (daemon crash) triggered by an IKE_SA_INIT message containing a large number of NULL values in a Key Exchange payload, which causes a NULL pointer dereference in GMP’s mpz_export return ...