RHEL 5 / 6 : openswan (RHSA-2013:0827)

Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

CentOS 5 / 6 : openswan (CESA-2013:0827)

Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

Scientific Linux Security Update : openswan on SL5.x, SL6.x i386/x86_64 (20130515)

A buffer overflow flaw was found in Openswan. If Opportunistic Encryption were enabled 'oe=yes' in '/etc/ipsec.conf' and an RSA key configured, an attacker able to cause a system to perform a DNS lookup for an attacker- controlled domain containing malicious records such as by sending an email th...

openswan security update

CentOS Errata and Security Advisory CESA-2013:0827 Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...

Cisco ISM Malformed Authentication Header Packet Denial of Service Vulnerability

A vulnerability in authentication header packets processing on the Cisco ISM module for ISR G2 could allow an authenticated, remote attacker to cause a reload of the affected module. The vulnerability is due to improper processing of malformed authentication header packets. An attacker could...

[SECURITY] [DSA 2665-1] strongswan security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2665-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez April 30, 2013 http://www.debian.org/security/faq -...

Debian Security Advisory DSA 2665-1 (strongswan - authentication bypass)

Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution. When using the OpenSSL plugin for ECDSA based authentication, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. An attacker could use a forged signature to authenticate like a...

Debian: Security Advisory (DSA-2665-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-0406

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec...

Design/Logic Flaw

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec...

CVE-2013-0406

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec...

Solaris 10 (sparc) : 147147-26 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Libraries/Libc. Supported versions that are affected are 8, 9, 10 and 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in...

PFsense <= 2.0.1 XSS / CSRF Vulnerabilities

Exploit for freebsd platform in category web applications ┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link:...

PFsense UTM Platform 2.0.1 XSS / CSRF

┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.org │ Version: = 2.0.1 │ Category: Semi-Persistent X...

pfSense UTM Platform 2.0.1 - Cross-Site Scripting

pfSense UTM Platform 2.0.1 - Cross-Site Scripting ┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.or...

pfSense UTM Platform 2.0.1 - Cross-Site Scripting

┴┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┬┴ │ Exploit Title: pfSense = 2.0.1 XSS & CSRF during IPSec XAuth authentication │ Date: 04/01/2013 │ Author: Dimitris Strevinas │ Vendor or Software Link: www.pfsense.org │ Version: = 2.0.1 │ Category: Semi-Persistent...

IPSEC Internet Key Exchange (IKE) Version 2 Detection

The remote host seems to be enabled to do Internet Key Exchange IKE. This is typically indicative of a VPN server. VPN servers are used to connect remote hosts into internal resources. Make sure that the use of this VPN endpoint is done in accordance with your corporate security policy. Note that...

CVE-2012-3727

Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file...

CVE-2012-3727

Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file...

Buffer overflow

Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file...