2808 matches found
Moderate: Red Hat Security Advisory: libreswan security and enhancement update
Updated libreswan packages that fix one security issue, several bugs, and add several enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which give...
CentOS 7 : libreswan (CESA-2015:1979)
Updated libreswan packages that fix one security issue, several bugs, and add several enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which give...
Oracle Linux 7 : libreswan (ELSA-2015-1979)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2015-1979 advisory. - Resolves: rhbz1259208 CVE-2015-3240 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...
libreswan security update
CentOS Errata and Security Advisory CESA-2015:1979 Updated libreswan packages that fix one security issue, several bugs, and add several enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...
Fewer IPsec VPN Connections at Risk to Weak Diffie-Hellman
A challenge has been made against one of the conclusions in a potentially blockbuster academic paper on cryptographic weaknesses that may be the open door through which intelligence agencies are breaking encrypted connections. The paper, “Imperfect Forward Secrecy: How Diffie-Hellman Fails in...
Oracle: Security Advisory (ELSA-2008-0849)
The remote host is missing an update for the...
Oracle: Security Advisory (ELSA-2009-1036)
The remote host is missing an update for the...
Oracle: Security Advisory (ELSA-2007-0342)
The remote host is missing an update for the...
Multiprotocol Network Emulator – Simulator: IMUNES
IMUNES GUI is a simple Tcl/Tk-based management console, allowing for specification and management of virtual network topologies. The emulation execution engine itself operates within the operating system kernel. University of Zagreb developed a realistic network topology emulation / simulation...
Design/Logic Flaw
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression...
CVE-2015-3966
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression...
CVE-2015-3966
CVE-2015-3966 affects Innominate mGuard devices running firmware 8.x prior to 8.1.7. The vulnerability exists in the IPsec SA establishment process and can be triggered by a peer sending a crafted configuration with compression, leading to a denial-of-service (VPN service restart). Affected firmw...
[SECURITY] Fedora 22 Update: strongswan-5.3.2-1.fc22
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
[SECURITY] Fedora 21 Update: strongswan-5.3.2-1.fc21
The strongSwan IPsec implementation supports both the IKEv1 and IKEv2 key exchange protocols in conjunction with the native NETKEY IPsec stack of the Linux kernel...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) usemfstmpsize, or (3) usemfsvarsize parameter to systemadvancedmisc.php; the (4) port, (5) snaplen, or (6) count parameter to diagpacketcapture.php...
SUSE SLES11 Security Update : ipsec-tools (SUSE-SU-2015:1367-1)
ipsec-tools was updated to fix one security issue and a bug. This security issue was fixed: - CVE-2015-4047: racoon/gssapi.c in ipsec-tools allowed remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests (bsc#931989). Due to a...
SUSE-SU-2015:1367-1 Security update for ipsec-tools
ipsec-tools was updated to fix one security issue and a bug. This security issue was fixed: - CVE-2015-4047: racoon/gssapi.c in ipsec-tools allowed remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests (bsc#931989). Due to a...
The vulnerability of the Cisco IOS operating system, which allows an intruder to trigger a service failure
The vulnerability of the IKE protocol implementation in the WS-IPSEC-3 service module of the Cisco IOS operating system is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a special message at the time of establishi...
CVE-2015-3204
libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMPNEXTSAK...