MGASA-2023-0089 Updated libreswan packages fix security vulnerability

A change in the libreswan 4.2 Traffic Selector parsing code introduced a missing check that would reject palformed Traffic Selector payloads. As such, in such case the code stumbles on to hit a double free, leading to a crash and restart of the pluto daemon. No remote code execution. CVE-2023-230...

Updated libreswan packages fix security vulnerability

A change in the libreswan 4.2 Traffic Selector parsing code introduced a missing check that would reject palformed Traffic Selector payloads. As such, in such case the code stumbles on to hit a double free, leading to a crash and restart of the pluto daemon. No remote code execution. CVE-2023-230...

OESA-2023-1151 libreswan security update

Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

SUSE CVE-2009-1958

charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...

strongswan: Index-out-of-bounds in traffic_selector_create_from_rfcNUMBER_format

Project: https://github.com/strongswan/strongswan.git Detailed report: https://oss-fuzz.com/testcase?key=6094496901103616 Project: strongswan Fuzzer: libFuzzerstrongswanfuzzcerts Fuzz target binary: fuzzcerts Job Type: libfuzzerubsanstrongswan Platform Id: linux Crash Type: Index-out-of-bounds...

strongSwan IKE_SA_INIT and IKE_AUTH DoS Vulnerabilities

This host has installed strongSwan and is prone to Denial of Service Vulnerabilities. OpenVAS Vulnerability Test $Id: gbstrongswanmultdosvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ strongSwan IKESAINIT and IKEAUTH DoS Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...

CVE-2009-1958

charon/sa/tasks/childcreate.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKEAUTH request without a 1 TSi or 2 TSr traffic selector...