16 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-9023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of...
SUSE: Security Advisory (SUSE-SU-2017:1473-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for strongimcv (EulerOS-SA-2019-2702)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for strongimcv (EulerOS-SA-2019-2668)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP5 : strongimcv (EulerOS-SA-2019-2702)
According to the version of the strongimcv package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to...
EulerOS 2.0 SP3 : strongimcv (EulerOS-SA-2019-2668)
According to the versions of the strongimcv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource...
EulerOS 2.0 SP2 : strongimcv (EulerOS-SA-2019-2447)
According to the versions of the strongimcv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to...
Security Bulletin: Vulnerabilities in strongSwan affect IBM Chassis Management Module (CVE-2017-9022, CVE-2017-9023)
Summary IBM Chassis Management Module has addressed the following vulnerabilities in strongSwan. Vulnerability Details: CVEID: CVE-2017-9022 Description: strongSwan is vulnerable...
Security Bulletin: Multiple vulnerabilities in strongswan affect IBM Flex System Manager (FSM) (CVE-2017-9023, CVE-2017-9022)
Summary Multiple vulnerabilities have been identified in strongswan that is embedded in the FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2017-9023 DESCRIPTION: strongSwan is vulnerable to a denial of service, caused by the improper handling of CHOICE types ...
FreeBSD : strongswan -- Denial-of-service vulnerability in the x509 plugin (c7e8e955-6c61-11e7-9b01-2047478f2f70)
strongSwan security team reports : ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This could lead to infinite looping of the thread parsing a specifically crafted certificate.
CVE-2017-9023
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate...
CVE-2017-9023
CVE-2017-9023 affects strongSwan’s ASN.1 CHOICE handling when the x509 plugin is enabled, enabling remote denial of service via a crafted certificate. Concrete details in connected docs include affected product families (strongSwan deployments embedded in IBM FSM/IMM2, CMM and AMM advisories), th...
SUSE SLES11 Security Update : strongswan (SUSE-SU-2017:1471-1)
This update for strongswan fixes the following issues : - CVE-2017-9022: Insufficient Input Validation in gmp Plugin leads to Denial of service (bsc#1039514) - CVE-2017-9023: Incorrect x509 ASN.1 parser error handling could lead to Denial of service (bsc#1039515) Note that Tenable Network Security has...
CVE-2017-9023
The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate...
Ubuntu 14.04 LTS / 16.04 LTS : strongSwan vulnerabilities (USN-3301-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3301-1 advisory. It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause...
Debian: Security Advisory (DSA-3866-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...