18 matches found
SUSE: Security Advisory (SUSE-SU-2019:3056-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2019:3266-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)
This update for strongswan provides the following fixes : Security issues fixed : CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket bsc1094462. CVE-2018-10811: Fixed a...
openSUSE Security Update : strongswan (openSUSE-2019-2598)
This update for strongswan fixes the following issues : Security issues fixed : - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket bsc1094462. - CVE-2018-10811: Fixed...
StrongSwan OpenSSL Plugin FIPS Mode Denial-of-Service (CVE-2018-10811)
A denial-of-service vulnerability exists in StrongSwan. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Photon OS 1.0: Strongswan PHSA-2018-1.0-0178
An update of the strongswan package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0178. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Fedora 28 : strongswan (2018-0de3edbdea)
New version 5.6.3 Security fix for CVE-2018-10811 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
GLSA-201811-16 : strongSwan: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201811-16 strongSwan: Multiple vulnerabilities Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : strongSwan vulnerabilities (USN-3771-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3771-1 advisory. It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to...
Ubuntu: Security Advisory (USN-3771-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3771-1: strongSwan vulnerabilities
It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. CVE-2018-10811 Sze Yiu Chau discovered that strongSwan incorrectly handled parsing OIDs in the gmp plugin. A...
CVE-2018-10811
CVE-2018-10811 affects strongSwan (5.6.0 and older). Root cause: a missing initialization of a variable in the IKEv2 key derivation, enabling a remote attacker to trigger a denial-of-service condition. Public disclosures describe DoS via specially crafted requests, with CVSS in the 5.x range (bas...
CVE-2018-10811
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...
Debian DSA-4229-1 : strongswan - security update
Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite. - CVE-2018-5388 The stroke plugin did not verify the message length when reading from its control socket. This vulnerability could lead to denial of service. On Debian write access to the socket requires root permission on...
[SECURITY] [DSA 4229-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4229-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez June 14, 2018 https://www.debian.org/security/faq -...
Fedora Update for strongswan FEDORA-2018-0de3edbdea
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2018-10811
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable...
strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)
strongSwan security team reports: A denial-of-service vulnerability in the IKEv2 key derivation was fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF which is not FIPS-compliant. So this should only affect very specific setups, but in such configurations all...