CVE-2011-4073

Related Files

Mandriva Linux Security Advisory 2013-231

Posted Sep 12, 2013

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-231 - Multiple vulnerabilities has been discovered and corrected in openswan. The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the in many distributions and the upstream version, this tool has been disabled. The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted R_U_THERE_ACK Dead Peer Detection IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability

systems | linux, mandriva

advisories | CVE-2008-4190, CVE-2009-0790, CVE-2009-2185, CVE-2011-4073, CVE-2013-2053

SHA-256 | fb07f53fcbc6401898ba4775ff34c35ba6bd0724b1aaf7b8955e48769191fdc6

Download | Favorite | View

Gentoo Linux Security Advisory 201203-13

Posted Mar 16, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-13 - Multiple vulnerabilities in Openswan may create a Denial of Service condition. Versions less than 2.6.37 are affected.

tags | advisory, denial of service, vulnerability

systems | linux, gentoo

advisories | CVE-2011-2147, CVE-2011-4073

SHA-256 | f5a0e55e7b9a8299853a525870453ba514b748a569cfbe010a5cf5277cc73d46

Download | Favorite | View

Debian Security Advisory 2374-1

Posted Dec 26, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2374-1 - The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto.

tags | advisory, denial of service, cryptography

systems | linux, debian

advisories | CVE-2011-4073

SHA-256 | 2e3b194b94bdc4f7f0091e298a2cc51c679c239928c746db286a6f2f132d600b

Download | Favorite | View

Red Hat Security Advisory 2011-1422-01

Posted Nov 3, 2011

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1422-01 - Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially-crafted IKE packet that would crash the pluto daemon. This issue only affected SMP systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6.

tags | advisory, remote, protocol

systems | linux, redhat

advisories | CVE-2011-4073

SHA-256 | 385e1137aca7e64a21434b3467ac61b60de918f2c5abde3150b94a252c15598d

Download | Favorite | View