15 matches found
Security Bulletin: Vulnerabilities in Strongswan affect Power Hardware Management Console (CVE-2014-9221,CVE-2014-2891,CVE-2014-2338,CVE-2013-5018)
Summary Strongswan is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-9221 DESCRIPTION: strongSwan is vulnerable to a denial of service, caused by a NULL pointer dereference when handling malicious payloads. A remote...
SUSE: Security Advisory (SUSE-SU-2014:0529-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 201412-26
Gentoo Linux Local Security Checks GLSA 201412-26 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
openSUSE Security Update : strongswan (openSUSE-SU-2014:0697-1)
strongswan was fixed to correct two issues : - Fix for DoS vulnerability by a NULL pointer dereference CVE-2014-2891. - Fix for a authentication bypass vulnerability in the IKEv2 code CVE-2014-2338. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in th...
FreeBSD : strongswan -- Remote Authentication Bypass (6fb521b0-d388-11e3-a790-000c2980a9f3)
strongSwan developers report : Remote attackers are able to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established. Only installations that actively initiate or re-authenticate IKEv2 IKESAs are affected...
[SECURITY] [DSA 2903-1] strongswan security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2903-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez April 14, 2014 http://www.debian.org/security/faq -...
Fedora Update for strongswan FEDORA-2014-5231
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for strongswan FEDORA-2014-5238
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : strongswan-5.1.3-1.fc20 (2014-5231)
This update fixes : - Bug 1081760 - CVE-2014-2338 strongswan: authentication bypass flaw in IKEv2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 19 : strongswan-5.1.3-1.fc19 (2014-5238)
CVE-2014-2338 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable Network...
strongSwan IKEv2 SA验证绕过漏洞
CVE ID:CVE-2014-2338 strongSwan是一个完整的2.4和2.6的Linux内核下的IPsec和IKEv1的实现。它也完全支持新的IKEv2协议的Linux2.6内核。 strongSwan处理IKEv2 SA存在安全漏洞,允许远程攻击者利用漏洞绕过验证,进行授权访问。仅安装actively initiate或re-authenticate IKEv2 IKESAs的系统受此漏洞影响。 0 strongSwan 4.x strongSwan 5.x strongSwan 5.1.3版本已修复该漏洞,建议用户下载使用: http://strongswan.org...
CVE-2014-2338
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established...
CVE-2014-2338
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established...
CVE-2014-2338
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKESA during 1 initiation or 2 re-authentication, which triggers the IKESA state to be set to established...
SuSE 11.3 Security Update : strongswan (SAT Patch Number 9089)
The following security issue is fixed by this update : - strongswan has been updated to fix an authentication problem where attackers could have bypassed the IKEv2 authentication. CVE-2014-2338. bnc870572 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks...