Lucene search
RootSSV:61286HistoryJan 06, 2014 - 12:00 a.m.
libreswan多个漏洞
2014-01-0600:00:00
Root
www.seebug.org
19
0.03 Low
EPSS
Percentile
89.8%
CVE ID:CVE-2013-4564
Libreswan是一款类似OpenSwan的IPsec实现。
1)处理"process_packet()方法(pluto/demux.c)中IKE数据包时的错误,导致通过特制的IKE数据包造成libreswan重新启动。
2)处理"ikev2parent_inI1outR1()"函数(pluto/ikev2_parent.c中IKE通告报文时的错误,导致利用特制的IKE引起libreswan重新启动。
3)为RHEL处理libreswan.spec文件时应用程序不安全创建/var/tmp/libreswan-nss-pwd文件,可被利用来操纵某些数据。
0
libreswan 3.x
厂商补丁:
libreswan
libreswan 3.7版本以修复此漏洞,建议用户下载使用:
https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
Related
nessus
nessus
Fedora 18 : libreswan-3.7-1.fc18 (2013-23299)
2013-12-23 00:00:00
Fedora 20 : libreswan-3.7-1.fc20 (2013-23250)
2013-12-23 00:00:00
Fedora 19 : libreswan-3.7-1.fc19 (2013-23315)
2013-12-23 00:00:00
openvas
openvas
Fedora Update for libreswan FEDORA-2013-23315
2013-12-23 00:00:00
Fedora Update for libreswan FEDORA-2013-23315
2013-12-23 00:00:00
Fedora Update for libreswan FEDORA-2013-23299
2013-12-23 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: libreswan-3.7-1.fc18
2013-12-23 03:41:31
[SECURITY] Fedora 20 Update: libreswan-3.7-1.fc20
2013-12-23 03:45:24
[SECURITY] Fedora 19 Update: libreswan-3.7-1.fc19
2013-12-23 03:43:20
cve
cve
CVE-2013-4564
2014-01-07 17:04:00
debiancve
debiancve
CVE-2013-4564
2014-01-07 17:04:00
prion
prion
Code injection
2014-01-07 17:04:00
seebug
seebug
Libreswan 'ikev2parent_inI1outR1()'函数远程拒绝服务漏洞
2014-01-20 00:00:00
rapid7blog
rapid7blog
NICER Protocol Deep Dive: Internet Exposure of HTTP and HTTPS
2021-01-29 14:20:22