Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1958

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-1958
Last Modified 14 Oct 2009 01:24:19
Published 07 Jun 2009 09:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1958

Summary

charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.

Vulnerable Systems

Application

  • Strongswan 2.0.0

  • Strongswan 2.0.1

  • Strongswan 2.0.2

  • Strongswan 2.1.0

  • Strongswan 2.1.1

  • Strongswan 2.1.2

  • Strongswan 2.1.3

  • Strongswan 2.1.4

  • Strongswan 2.1.5

  • Strongswan 2.2.0

  • Strongswan 2.2.1

  • Strongswan 2.2.2

  • Strongswan 2.3.0

  • Strongswan 2.3.1

  • Strongswan 2.3.2

  • Strongswan 2.4.0

  • Strongswan 2.4.0a

  • Strongswan 2.4.1

  • Strongswan 2.4.2

  • Strongswan 2.4.3

  • Strongswan 2.4.4

  • Strongswan 2.5.0

  • Strongswan 2.5.1

  • Strongswan 2.5.2

  • Strongswan 2.5.3

  • Strongswan 2.5.4

  • Strongswan 2.5.5

  • Strongswan 2.5.6

  • Strongswan 2.5.7

  • Strongswan 2.6.0

  • Strongswan 2.6.1

  • Strongswan 2.6.16

  • Strongswan 2.6.2

  • Strongswan 2.6.20

  • Strongswan 2.6.3

  • Strongswan 2.6.4

  • Strongswan 2.7.0

  • Strongswan 2.8.0

  • Strongswan 2.8.1

  • Strongswan 2.8.2

  • Strongswan 2.8.3

  • Strongswan 2.8.4

  • Strongswan 2.8.5

  • Strongswan 2.8.6

  • Strongswan 2.8.7

  • Strongswan 2.8.8

  • Strongswan 4.0.0

  • Strongswan 4.0.1

  • Strongswan 4.0.2

  • Strongswan 4.0.3

  • Strongswan 4.0.4

  • Strongswan 4.0.5

  • Strongswan 4.0.6

  • Strongswan 4.0.7

  • Strongswan 4.1.0

  • Strongswan 4.1.1

  • Strongswan 4.1.10

  • Strongswan 4.1.11

  • Strongswan 4.1.2

  • Strongswan 4.1.3

  • Strongswan 4.1.4

  • Strongswan 4.1.5

  • Strongswan 4.1.6

  • Strongswan 4.1.7

  • Strongswan 4.1.8

  • Strongswan 4.1.9

  • Strongswan 4.2.0

  • Strongswan 4.2.1

  • Strongswan 4.2.10

  • Strongswan 4.2.11

  • Strongswan 4.2.12

  • Strongswan 4.2.13

  • Strongswan 4.2.2

  • Strongswan 4.2.3

  • Strongswan 4.2.4

  • Strongswan 4.2.5

  • Strongswan 4.2.6

  • Strongswan 4.2.7

  • Strongswan 4.2.8

  • Strongswan 4.2.9


References

CONFIRM - http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme

CONFIRM - http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch

MLIST - [strongSwan] 20090527 [strongSwan] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released

BID - 35178

DEBIAN - DSA-1899

SECUNIA - 36922

SECUNIA - 35685

SECUNIA - 35296

SUSE - SUSE-SR:2009:012

CONFIRM - http://download.strongswan.org/CHANGES4.txt


Last Updated: 27 May 2016 10:50:44