
2808 matches found

Ubuntu
added 2021/10/19 3:10 p.m. | 122 views

USN-5111-2: strongSwan vulnerability

USN-5111-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote attacker could use this issue to...

CVSS 7.5 | AI score 7.7 | EPSS 0.04804
Exploits 0

Ubuntu
added 2021/10/19 10:54 a.m. | 95 views

USN-5111-1: strongSwan vulnerabilities

It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2021-41990) It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A...

CVSS 7.5 | AI score 7.5 | EPSS 0.06438
Exploits 0

Imperva Blog
added 2021/10/11 6:8 p.m. | 63 views

Learning how MTU and MSS work is key to using DDoS Protection as a Service

Maximum Transmit Unit (MTU) and Maximum Segment Size (MSS) are two important terms you should be familiar with when venturing into the world of networking, especially if you are working with GRE and IPSEC tunnels. And if you are looking to use DDoS Protection as a service, you will need to know how M...

AI score 0.2
Exploits 0

Fedora
added 2021/09/24 8:33 p.m. | 36 views

[SECURITY] Fedora 34 Update: fetchmail-6.4.22-1.fc34

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC for retrieval...

CVSS 5.9 | AI score 0.8 | EPSS 0.00925
Exploits 0

NVD
added 2021/09/14 6:15 p.m. | 11 views

CVE-2021-23039

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffi...

CVSS 7.5 | EPSS 0.0092
Exploits 0 | References 1

Prion
added 2021/09/14 6:15 p.m. | 19 views

Code injection

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffi...

CVSS 7.1 | AI score 7.5 | EPSS 0.0092
Exploits 0 | References 1 | Affected Software 11

Cvelist
added 2021/09/14 5:5 p.m. | 16 views

CVE-2021-23039

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote IPSec peer, which already has a negotiated Security Association, can cause the Traffi...

AI score 7.7 | EPSS 0.0092
Exploits 0 | References 1

CVE
added 2021/09/14 5:5 p.m. | 64 views

CVE-2021-23039

CVE-2021-23039 affects F5 BIG-IP TMM: when IPSec is configured, authorized IPSec peers with an existing Security Association can cause TMM to terminate, leading to DoS. Affected branches include BIG-IP 16.x (16.0.0–16.0.1), 15.x (15.0.0–15.1.2), 14.x (14.1.0–14.1.4), and all 13.1.x/12.1.x; End of...

CVSS 7.5 | AI score 7.6 | EPSS 0.0092
Exploits 0 | References 1 | Affected Software 11

CNVD
added 2021/09/09 12:0 a.m. | 20 views

Fortinet FortiOS has an unspecified vulnerability (CNVD-2021-101140)

Fortinet FortiOS is a security operating system from Fortinet that is dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiOS has a security...

CVSS 5 | AI score 2.4 | EPSS 0.00573
Exploits 0 | References 1

OSV
added 2021/08/03 1:31 a.m. | 12 views

GSD-2021-1001157 bonding: fix null dereference in bond_ipsec_add_sa()

bonding: fix null dereference in bond_ipsec_add_sa() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.6 by commit...

AI score 7.2
Exploits 0

Tenable Nessus
added 2021/07/23 12:0 a.m. | 25 views

Cisco Adaptive Security Appliance Software Release 7.0.0 IPsec DoS (cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC)

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 7.7 | AI score 7.4 | EPSS 0.01188
Exploits 0 | References 3

Tenable Nessus
added 2021/07/23 12:0 a.m. | 26 views

Cisco Firepower Threat Defense Software Release 7.0.0 IPsec DoS (cisco-sa-asa-ftd-ipsec-dos-TFKQbgWC)

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 7.7 | AI score 7.4 | EPSS 0.01188
Exploits 0 | References 3

OSV
added 2021/07/21 3:15 p.m. | 4 views

CVE-2020-20262

Mikrotik RouterOs before 6.47 stable tree suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet...

CVSS 6.5 | AI score 5.8 | EPSS 0.02142
Exploits 1 | References 2

Cvelist
added 2021/07/21 1:25 p.m. | 17 views

CVE-2020-20262

Mikrotik RouterOs before 6.47 stable tree suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet...

AI score 6.2 | EPSS 0.02142
Exploits 1 | References 2

CVE
added 2021/07/21 1:25 p.m. | 125 views

CVE-2020-20262

The entries identify CVE-2020-20262 affecting MikroTik RouterOS before version 6.47 (stable). The vulnerability is an assertion failure in the /ram/pckg/security/nova/bin/ipsec process, exploitable by an authenticated remote attacker sending a crafted packet to cause a Denial of Service. Connecte...

CVSS 6.5 | AI score 6.2 | EPSS 0.02142
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2021/07/21 12:0 a.m. | 5 views

MikroTik RouterOS code issue vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by MikroTik Latvia. An assertion failure vulnerability exists in MikroTik RouterOS, which stems from an authentication error in the product's /ram/pckg/security/nova/bin/ipsec process. An attacker could exploit this vulnerability...

CVSS 6.5 | AI score 5.7 | EPSS 0.02142
Exploits 1 | References 3

NVD
added 2021/07/16 1:15 p.m. | 17 views

CVE-2021-1422

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 7.7 | EPSS 0.01188
Exploits 0 | References 1

Prion
added 2021/07/16 1:15 p.m. | 19 views

Race condition

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 6.8 | AI score 7.4 | EPSS 0.01188
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2021/07/16 12:25 p.m. | 23 views

CVE-2021-1422 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 7.7 | AI score 7.6 | EPSS 0.01188
Exploits 0 | References 1

Vulnrichment
added 2021/07/16 12:25 p.m. | 9 views

CVE-2021-1422 Cisco Adaptive Security Appliance Software Release 9.16.1 and Cisco Firepower Threat Defense Software Release 7.0.0 IPsec Denial of Service Vulnerability

A vulnerability in the software cryptography module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker or an unauthenticated attacker in a man-in-the-middle position to cause an unexpected reload of the...

CVSS 7.7 | AI score 7 | EPSS 0.01188
Exploits 0 | References 1