2808 matches found

0day.today
added 2017/01/12 12:0 a.m., 49 views

Siemens SIMATIC CP 343-1 Advanced IKEv1 Cipher Suite Configuration Vulnerability

The SIMATIC CP 343-1 Advanced product allows configuration of the IKEv1 cipher suite, which specifies the supported IKE and Encapsulating Security Payload (ESP) algorithms, with one cipher for each setting. It is evaluated that the configuration is not consistent with the supported...

6.9 AI score
Exploits: 0

Veracode
added 2017/01/09 2:6 a.m., 45 views

Information Disclosure

mcrypt is vulnerable to information exposure. The vulnerability exists because the TLS, SSH, and IPSec protocols are missing birthday-bound validation, which allows a remote attacker to access confidential information in the system...

7.5 CVSS, 7.5 AI score, 0.95707 EPSS
Exploits: 7, References: 145, Affected Software: 5

Microsoft KB
added 2017/01/07 12:0 a.m., 15 views

MS15-120: Security update for IPsec to address denial of service: November 10, 2015

Summary: This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the system to become unresponsive. To exploit the...

6.2 AI score
Exploits: 0

FreeBSD
added 2016/12/02 12:0 a.m., 25 views

ipsec-tools -- remotely exploitable computational-complexity attack

Robert Foggia via NetBSD GNATS reports: The ipsec-tools racoon daemon contains a remotely exploitable computational complexity attack when parsing and storing isakmp fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly...

7.8 CVSS, 3.1 AI score, 0.02928 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2016/11/28 12:0 a.m., 31 views

CentOS 7 : libreswan (CESA-2016:2603)

An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5 CVSS, 7.4 AI score, 0.02773 EPSS
Exploits: 0, References: 2

Cent OS
added 2016/11/25 3:59 p.m., 59 views

libreswan security update

CentOS Errata and Security Advisory CESA-2016:2603. An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

7.5 CVSS, 7.1 AI score, 0.02773 EPSS
Exploits: 0, References: 7

Fortinet
added 2016/11/22 12:0 a.m., 27 views

DUHK Attack against Fortinet Products

When devices use the ANSI X9.31 RNG (which was removed from the list of FIPS-approved random number generation algorithms in January 2016) to generate cryptographic keys under a static seed, and are used with long-lived security tunnels such as SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK...

4.3 CVSS, 2.2 AI score, 0.01423 EPSS
Exploits: 0

NVD
added 2016/11/19 3:3 a.m., 15 views

CVE-2016-6466

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the...

7.5 CVSS, 7.5 AI score, 0.02585 EPSS
Exploits: 0, References: 3

Prion
added 2016/11/19 3:3 a.m., 11 views

Race condition

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the...

5 CVSS, 7.2 AI score, 0.02585 EPSS
Exploits: 0, References: 3, Affected Software: 2

CVE
added 2016/11/19 2:45 a.m., 41 views

CVE-2016-6466

CVE-2016-6466 affects Cisco ASR 5000/5500 Series routers and Cisco VPC, via the StarOS IPsec component (ipsecmgr). The issue arises from improper processing of IKE messages, allowing an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new ones, causing a DoS ...

7.5 CVSS, 7.4 AI score, 0.02585 EPSS
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2016/11/19 2:45 a.m., 20 views

CVE-2016-6466

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. This vulnerability affects the...

7.5 AI score, 0.02585 EPSS
Exploits: 0, References: 3

Cisco
added 2016/11/16 4:0 p.m., 36 views

Cisco ASR 5000 Series ipsecmgr Service Denial of Service Vulnerability

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels from establishing, resulting in a denial of service (DoS) condition. The vulnerability is due to...

5 CVSS, 7.5 AI score, 0.02585 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2016/11/04 12:0 a.m., 28 views

RHEL 7 : libreswan (RHSA-2016:2603)

An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5 CVSS, 7.4 AI score, 0.02773 EPSS
Exploits: 0, References: 3

OpenVAS
added 2016/11/04 12:0 a.m., 19 views

RedHat Update for libreswan RHSA-2016:2603-02

The remote host is missing an update for the ...

7.5 CVSS, 7.5 AI score, 0.02773 EPSS
Exploits: 0, References: 2

RedHat Linux
added 2016/11/03 8:13 a.m., 38 views

Moderate: Red Hat Security Advisory: libreswan security and bug fix update

An update for libreswan is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5 CVSS, 7.1 AI score, 0.02773 EPSS
Exploits: 0, References: 20

Prion
added 2016/10/31 9:59 p.m., 9 views

Memory corruption

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets...

7.8 CVSS, 7.4 AI score, 0.01844 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2016/10/31 9:59 p.m., 16 views

CVE-2016-8203

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of service (line card reset) via certain constructed IPsec control packets...

7.8 CVSS, 7.7 AI score, 0.01844 EPSS
Exploits: 0, References: 3

CVE
added 2016/10/31 9:0 p.m., 43 views

CVE-2016-8203

CVE-2016-8203 describes a memory corruption in the IPsec code path of Brocade NetIron OS (Brocade MLXs) affecting 5.8.00–5.8.00e, 5.9.00–5.9.00bd, 6.0.00 and 6.0.00a images. Exploitation via crafted IPsec control packets could cause a denial of service (line card reset). OpenVAS advisory/Brocade ...

7.8 CVSS, 7.7 AI score, 0.01844 EPSS
Exploits: 0, References: 3, Affected Software: 1

Broadcom
added 2016/10/03 12:0 a.m., 8 views

BSA-2016-168

Security Advisory ID: BSA-2016-168. Component: NetIron. Revision: 2.0: Final. A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00 and 6.0.00a images could allow attackers to cause a denial of service line card rese...

7.8 CVSS, 7.1 AI score, 0.01844 EPSS
Exploits: 0

ThreatPost
added 2016/09/23 3:47 p.m., 89 views

OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack

A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol (OCSP) was patched this week, closing a denial-of-service weakness in affected servers. The patch was the most severe of 14 released yesterday by OpenSSL. OCSP is an alternative in many cases to Certificate...

7.8 CVSS, 0.7 AI score, 0.95707 EPSS
Exploits: 8, References: 3