
319 matches found

NVD
added 2015/11/09 4:59 p.m., 9 views

CVE-2015-3240

The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet...

4.3 CVSS | 7.3 AI score | 0.01204 EPSS
Exploits 0 | References 7

Cvelist
added 2015/11/09 4:0 p.m., 19 views

CVE-2015-3240

The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet...

6.2 AI score | 0.01204 EPSS
Exploits 0 | References 7

Debian CVE
added 2015/11/09 4:0 p.m., 23 views

CVE-2015-3240

The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet...

4.3 CVSS | 7.3 AI score | 0.01204 EPSS
Exploits 0

RedHat Linux
added 2014/02/18 5:55 p.m., 2 views

openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads...

5 CVSS | 5.9 AI score | 0.01006 EPSS
Exploits 1 | References 5

Debian
added 2013/11/01 12:19 p.m., 20 views

[SECURITY] [DSA 2789-1] strongswan security update

Debian Security Advisory DSA-2789-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez November 01, 2013 http://www.debian.org/security/faq -...

5 CVSS | 6 AI score | 0.00228 EPSS
Exploits 0

OSV
added 2013/11/01 12:0 a.m., 17 views

DSA-2789-1 strongswan - Denial of service and authorization bypass

Bulletin has no description...

5 CVSS | 6.3 AI score | 0.00228 EPSS
Exploits 0

OSV
added 2013/07/09 5:55 p.m., 2 views

DEBIAN-CVE-2013-2054

Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this...

5.1 CVSS | 7.7 AI score | 0.01817 EPSS
Exploits 0 | References 1

NVD
added 2013/07/09 5:55 p.m., 16 views

CVE-2013-2053

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be...

6.8 CVSS | 7.6 AI score | 0.01646 EPSS
Exploits 0 | References 7

Prion
added 2013/07/09 5:55 p.m., 23 views

Buffer overflow

Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this...

5.1 CVSS | 8.1 AI score | 0.01817 EPSS
Exploits 0 | References 3 | Affected Software 1

Cent OS
added 2013/05/15 11:11 p.m., 61 views

openswan security update

CentOS Errata and Security Advisory CESA-2013:0827 Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS)...

6.8 CVSS | 6.1 AI score | 0.01646 EPSS
Exploits 0 | References 7

Tenable Nessus
added 2012/08/01 12:0 a.m., 31 views

Scientific Linux Security Update : openswan on SL5.x i386/x86_64

Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon. (CVE-2009-0790) It was discovered that Openswan's livetest script created temporary files in an insecure manner. A local...

5 CVSS | 8.1 AI score | 0.10861 EPSS
Exploits 8 | References 3

OpenVAS
added 2012/07/09 12:0 a.m., 13 views

RedHat Update for openswan RHSA-2011:1356-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5 CVSS | 6.5 AI score | 0.00535 EPSS
Exploits 0 | References 2

OpenVAS
added 2012/02/11 12:0 a.m., 20 views

Debian Security Advisory DSA 2374-1 (openswan)

The remote host is missing an update to openswan announced via advisory DSA 2374-1. OpenVAS Vulnerability Test $Id: deb23741.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2374-1 openswan Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...

4 CVSS | 6.3 AI score | 0.01149 EPSS
Exploits 0

OpenVAS
added 2012/02/11 12:0 a.m., 22 views

Debian: Security Advisory (DSA-2374-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4 CVSS | 6.4 AI score | 0.01149 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2012/01/12 12:0 a.m., 24 views

Debian DSA-2374-1 : openswan - implementation error

The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto. More information can be found in the upstream advisory. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in...

4 CVSS | 5.3 AI score | 0.01149 EPSS
Exploits 0 | References 5

OSV
added 2011/12/26 12:0 a.m., 19 views

DSA-2374-1 openswan - implementation error

Bulletin has no description...

4 CVSS | 5.9 AI score | 0.01149 EPSS
Exploits 0

NVD
added 2011/11/17 7:55 p.m., 5 views

CVE-2011-3380

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function...

5 CVSS | 6.4 AI score | 0.00535 EPSS
Exploits 0 | References 3

UbuntuCve
added 2011/11/17 7:55 p.m., 14 views

CVE-2011-3380

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function...

5 CVSS | 5.9 AI score | 0.00535 EPSS
Exploits 0 | References 1

CVE
added 2011/11/17 7:0 p.m., 69 views

CVE-2011-3380

CVE-2011-3380 affects Openswan 2.6.29–2.6.35, allowing remote denial of service via a NULL pointer dereference in the pluto IKE daemon when handling an ISAKMP message with an invalid KEY_LENGTH attribute. The issue arises from improper error handling for that attribute, leading to a crash. Severa...

5 CVSS | 6.4 AI score | 0.00535 EPSS
Exploits 0 | References 3 | Affected Software 1

Amazon
added 2011/11/09 12:0 a.m., 26 views

Medium: openswan

Issue Overview: A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP (symmetric multiprocessing) systems that have...

4 CVSS | 6.5 AI score | 0.01149 EPSS
Exploits 0 | References 1
