Lucene search
UbuntuUSN-2450-1HistoryJan 05, 2015 - 12:00 a.m.
strongSwan vulnerability
2015-01-0500:00:00
ubuntu.com
28
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
9.5 High
AI Score
Confidence
High
0.082 Low
EPSS
Percentile
94.4%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
Packages
- strongswan - IPsec VPN solution
Details
Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2
payloads that contained the Diffie-Hellman group 1025. A remote attacker
could use this issue to cause the IKE daemon to crash, resulting in a
denial of service.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | strongswan-ike | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libstrongswan | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-dbg | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-nm | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-plugin-af-alg | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-plugin-agent | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-plugin-attr-sql | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-plugin-certexpire | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-plugin-coupling | < 5.1.2-0ubuntu3.2 | UNKNOWN |
| Ubuntu | 14.10 | noarch | strongswan-plugin-curl | < 5.1.2-0ubuntu3.2 | UNKNOWN |
References
Related
nessus
nessus
Debian DSA-3118-1 : strongswan - security update
2015-01-06 00:00:00
Fedora 20 : strongswan-5.2.2-1.fc20 (2015-0577)
2015-03-30 00:00:00
Fedora 21 : strongswan-5.2.2-2.fc21 (2015-3043)
2015-03-30 00:00:00
openvas
openvas
Debian Security Advisory DSA 3118-1 (strongswan - security update)
2015-01-05 00:00:00
Fedora Update for strongswan FEDORA-2015-3043
2015-03-30 00:00:00
Debian: Security Advisory (DSA-3118-1)
2015-01-04 00:00:00
prion
prion
Null pointer dereference
2015-01-07 19:59:00
securityvulns
securityvulns
Strongswan DoS
2015-01-13 00:00:00
[SECURITY] [DSA 3118-1] strongswan security update
2015-01-13 00:00:00
ubuntucve
ubuntucve
CVE-2014-9221
2014-12-19 00:00:00
cve
cve
CVE-2014-9221
2015-01-07 19:59:01
debiancve
debiancve
CVE-2014-9221
2015-01-07 19:59:01
fedora
fedora
[SECURITY] Fedora 21 Update: strongswan-5.2.2-2.fc21
2015-03-29 05:04:39
[SECURITY] Fedora 22 Update: strongswan-5.3.2-1.fc22
2015-08-19 08:21:47
[SECURITY] Fedora 21 Update: strongswan-5.3.2-1.fc21
2015-08-19 08:21:24
debian
debian
[SECURITY] [DSA 3118-1] strongswan security update
2015-01-05 12:11:26
cvelist
cvelist
CVE-2014-9221
2015-01-07 19:00:00
nvd
nvd
CVE-2014-9221
2015-01-07 19:59:01
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
9.5 High
AI Score
Confidence
High
0.082 Low
EPSS
Percentile
94.4%
Related for USN-2450-1