Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-4551
Last Modified: 07 Mar 2011 10:12:39
Published: 14 Oct 2008 04:00:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-4551

Summary

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).

Vulnerable Systems

Application

  • strongSwan 2.0.0
  • strongSwan 2.0.1
  • strongSwan 2.0.2
  • strongSwan 2.1.0
  • strongSwan 2.1.1
  • strongSwan 2.1.2
  • strongSwan 2.1.3
  • strongSwan 2.1.4
  • strongSwan 2.1.5
  • strongSwan 2.2.0
  • strongSwan 2.2.1
  • strongSwan 2.2.2
  • strongSwan 2.3.0
  • strongSwan 2.3.1
  • strongSwan 2.3.2
  • strongSwan 2.4.0
  • strongSwan 2.4.0a
  • strongSwan 2.4.1
  • strongSwan 2.4.2
  • strongSwan 2.4.3
  • strongSwan 2.5.0
  • strongSwan 2.5.1
  • strongSwan 2.5.2
  • strongSwan 2.5.3
  • strongSwan 2.5.4
  • strongSwan 2.5.5
  • strongSwan 2.5.6
  • strongSwan 2.5.7
  • strongSwan 2.6.0
  • strongSwan 2.6.1
  • strongSwan 2.6.2
  • strongSwan 2.6.3
  • strongSwan 2.6.4
  • strongSwan 2.7.0
  • strongSwan 4.0.0
  • strongSwan 4.0.1
  • strongSwan 4.0.2
  • strongSwan 4.0.3
  • strongSwan 4.0.4
  • strongSwan 4.0.5
  • strongSwan 4.0.6
  • strongSwan 4.0.7
  • strongSwan 4.1.0
  • strongSwan 4.1.1
  • strongSwan 4.1.10
  • strongSwan 4.1.11
  • strongSwan 4.1.2
  • strongSwan 4.1.3
  • strongSwan 4.1.4
  • strongSwan 4.1.5
  • strongSwan 4.1.6
  • strongSwan 4.1.7
  • strongSwan 4.1.8
  • strongSwan 4.1.9
  • strongSwan 4.2.0
  • strongSwan 4.2.1
  • strongSwan 4.2.2
  • strongSwan 4.2.3
  • strongSwan 4.2.4
  • strongSwan 4.2.5
  • strongSwan 4.2.6


References

VUPEN - ADV-2008-2660

SECTRACK - 1020903

BID - 31291

SECUNIA - 31963

MISC - http://labs.mudynamics.com/advisories/MU-200809-01.txt

CONFIRM - http://download.strongswan.org/CHANGES4.txt


Last Updated: 27 May 2016 10:48:32