[Secure-testing-team] Bug#531612: [SA35296] strongSwan Two Denial of Service Vulnerabilities
Giuseppe Iuculano
giuseppe at iuculano.it
Tue Jun 2 18:35:51 UTC 2009
Package: strongswan
Severity: serious
Tags: security patch
Hi,
The following SA (Secunia Advisory) id was published for strongswan:
SA35296[1]:
> DESCRIPTION:
> Two vulnerabilities have been reported in strongSwan, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
>
> 1) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via specially crafted
> IKE_SA_INIT and CREATE_CHILD_SA requests.
>
> 2) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via an IKE_AUTH request
> missing a TSi or TSr payload.
>
> The vulnerabilities are reported in versions 4.1.0 through 4.3.0.
>
> SOLUTION:
> Update to version 4.3.1 or 4.2.15, or apply patches:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme
If you fix the vulnerability, please also make sure to include the CVE id
(if it will be available) in the changelog entry.
[1] http://secunia.com/advisories/35296/
Patches: http://download.strongswan.org/patches/03_invalid_ike_state_patch/
http://download.strongswan.org/patches/04_swapped_ts_check_patch/
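Added example (not part of the original message and not strongSwan or Debian code): a triage check that maps a strongSwan version string onto the ranges quoted in SA35296 above, affected 4.1.0 through 4.3.0 and fixed in 4.3.1 or 4.2.15. The function names and the sample inventory are constructed, and it assumes that later releases on a fixed branch keep the fix.

```python
import re

# Ranges as quoted in the advisory text above.
FIRST_AFFECTED = (4, 1, 0)
FIXED_4_2_BRANCH = (4, 2, 15)
FIXED_4_3_BRANCH = (4, 3, 1)


def parse_upstream(version):
    """Return (major, minor, patch) from an upstream or Debian-style version."""
    # Drop a Debian epoch ("1:") and revision ("-5") if present.
    upstream = version.split(":", 1)[-1].split("-", 1)[0]
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", upstream)
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    return tuple(int(g or 0) for g in m.groups())


def sa35296_status(version):
    """Classify a version as 'not-listed', 'affected' or 'fixed'."""
    v = parse_upstream(version)
    if v < FIRST_AFFECTED:
        return "not-listed"  # older than the range the advisory names
    if v >= FIXED_4_3_BRANCH:
        return "fixed"  # assumption: 4.3.1 and later carry the fix
    if v[:2] == (4, 2) and v >= FIXED_4_2_BRANCH:
        return "fixed"  # assumption: 4.2.15 and later 4.2.x carry the fix
    return "affected"


def hosts_to_update(inventory):
    """Return the hosts whose reported version falls in the affected range."""
    return [host for host, ver in inventory if sa35296_status(ver) == "affected"]


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE_INVENTORY = [
    ("gw-a", "4.2.14"),
    ("gw-b", "4.2.15"),
    ("gw-c", "4.3.0"),
    ("gw-d", "4.3.1"),
    ("gw-e", "1:4.2.4-5"),
]

if __name__ == "__main__":
    print(hosts_to_update(SAMPLE_INVENTORY))
```

The check looks only at the upstream part of the version, so a distribution package that carries the two patches as backports still reports as affected; confirm against the package changelog.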