28 matches found
SUSE: Security Advisory (SUSE-SU-2022:0202-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2022-2068 strongswan security update
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually...
CVE-2021-45079 affecting package strongswan for versions less than 5.9.5-1
CVE-2021-45079 affecting package strongswan for versions less than 5.9.5-1. An upgraded version of the package is available that resolves this issue...
openSUSE: Security Advisory for strongswan (openSUSE-SU-2022:0492-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE 15 Security Update : strongswan (openSUSE-SU-2022:0492-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0492-1 advisory. - In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the...
SUSE: Security Advisory (SUSE-SU-2022:14887-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:0492-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15: strongswan / strongswan-doc / strongswan-hmac / strongswan-ipsec / etc (SUSE-SU-2022:0492-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0492-1 advisory. - CVE-2021-45079: Fixed authentication bypass in EAP authentication. bsc1194471 Tenable has extracted the preceding...
OPENSUSE-SU-2022:0492-1 Security update for strongswan
This update for strongswan fixes the following issues: - CVE-2021-45079: Fixed authentication bypass in EAP authentication. bsc1194471...
Security update for strongswan (important)
openSUSE Security Update: Security update for strongswan Announcement ID: openSUSE-SU-2022:0492-1 Rating: important References: 1194471 Cross-References: CVE-2021-45079 CVSS scores: CVE-2021-45079 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2021-45079 SUSE: 6.5...
OESA-2022-1525 strongswan security update
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel. Security Fixes: In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually...
Fedora: Security Advisory for strongswan (FEDORA-2022-0e87c7994f)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Debian DLA-2909-1 : strongswan - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2909 advisory. Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even the...
[SECURITY] [DLA 2909-1] strongswan security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2909-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 03, 2022 https://wiki.debian.org/LTS -...
CVE-2021-45079
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2 even without server authentication...
CVE-2021-45079
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2 even without server authentication...
CVE-2021-45079
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2 even without server authentication...
CVE-2021-45079
Summary: CVE-2021-45079 affects strongSwan prior to 5.9.5. A malicious responder can send an EAP-Success message before proper authentication, and in EAP methods with mutual authentication and EAP-only authentication for IKEv2, potentially bypassing server authentication. What is affected: strong...
Debian DSA-5056-1 : strongswan - security update
The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5056 advisory. Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even...
FreeBSD : strongswan - Incorrect Handling of Early EAP-Success Messages (ccaea96b-7dcd-11ec-93df-00224d821998)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ccaea96b-7dcd-11ec-93df-00224d821998 advisory. - In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without...