36 matches found
Denial Of Service (DoS)
openswan is vulnerable to denial of service (DoS). A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon. This issue...
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normally expected IKE_AUTH exchange. This affects...
CVE-2019-12312
CVE-2019-12312 affects Libreswan 3.27, where an assertion failure in send_v2N_spi_response_from_state (ikev2_send.c) can be triggered by an IKEv2 SA_INIT followed by a bogus INFORMATIONAL exchange, causing a NULL pointer dereference and a restart of the pluto IKE daemon. The issue is documented a...
Remote Code Execution (RCE)
openswan is vulnerable to remote code execution (RCE) attacks. A buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service pluto...
CVE-2015-3240
The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet...
CVE-2013-2053
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be...
Buffer overflow
Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this...
openswan security update
CentOS Errata and Security Advisory CESA-2013:0827. Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS)...
CVE-2011-3380
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function...
CVE-2011-3380
CVE-2011-3380 affects Openswan 2.6.29–2.6.35, allowing remote denial of service via a NULL pointer dereference in the pluto IKE daemon when handling an ISAKMP message with an invalid KEY_LENGTH attribute. The issue arises from improper error handling for that attribute, leading to a crash. Severa...
Moderate: Red Hat Security Advisory: openswan security update
Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
strongSwan Certificate and Identification Payload Parsing Buffer Overflow (CVE-2010-2628)
strongSwan is an open-source implementation of IPsec for Linux platforms including Debian, Ubuntu, FreeBSD and Mac OS X. It is a scalable VPN solution that supports the Internet Key Exchange (IKE) protocol version 1 as well as IKEv2. A remote code execution vulnerability has been reported in...
SuSE 10 Security Update : openswan (ZYPP Patch Number 6117)
By sending a specially crafted Dead Peer Detection (DPD) packet, remote attackers could crash the pluto IKE daemon (CVE-2009-0790).