Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-2185
Last Modified 21 Aug 2010 01:33:26
Published 24 Jun 2009 10:00:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2185

Summary

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

Vulnerable Systems

Application

  • Openswan 2.4

  • Openswan 2.4.1

  • Openswan 2.4.10

  • Openswan 2.4.2

  • Openswan 2.4.3

  • Openswan 2.4.4

  • Openswan 2.4.5

  • Openswan 2.4.9

  • Openswan 2.6.03

  • Openswan 2.6.04

  • Openswan 2.6.05

  • Openswan 2.6.06

  • Openswan 2.6.07

  • Openswan 2.6.08

  • Openswan 2.6.09

  • Openswan 2.6.10

  • Openswan 2.6.11

  • Openswan 2.6.12

  • Openswan 2.6.13

  • Openswan 2.6.14

  • Openswan 2.6.15

  • Openswan 2.6.16

  • Openswan 2.6.17

  • Openswan 2.6.18

  • Openswan 2.6.19

  • Openswan 2.6.20

  • Strongswan 2.8.0

  • Strongswan 2.8.1

  • Strongswan 2.8.10

  • Strongswan 2.8.2

  • Strongswan 2.8.3

  • Strongswan 2.8.4

  • Strongswan 2.8.5

  • Strongswan 2.8.6

  • Strongswan 2.8.7

  • Strongswan 2.8.8

  • Strongswan 2.8.9

  • Strongswan 4.1

  • Strongswan 4.2.0

  • Strongswan 4.2.1

  • Strongswan 4.2.10

  • Strongswan 4.2.11

  • Strongswan 4.2.12

  • Strongswan 4.2.13

  • Strongswan 4.2.14

  • Strongswan 4.2.15

  • Strongswan 4.2.2

  • Strongswan 4.2.3

  • Strongswan 4.2.4

  • Strongswan 4.2.5

  • Strongswan 4.2.6

  • Strongswan 4.2.7

  • Strongswan 4.2.8

  • Strongswan 4.2.9

  • Strongswan 4.3.0

  • Strongswan 4.3.1


References

BID - 35452

FEDORA - FEDORA-2009-7478

FEDORA - FEDORA-2009-7423

VUPEN - ADV-2009-3354

VUPEN - ADV-2009-1829

VUPEN - ADV-2009-1706

VUPEN - ADV-2009-1639

SECTRACK - 1022428

REDHAT - RHSA-2009:1138

CONFIRM - http://www.ingate.com/Relnote.php?ver=481

DEBIAN - DSA-1899

DEBIAN - DSA-1898

CONFIRM - http://up2date.astaro.com/2009/07/up2date_7404_released.html

SECUNIA - 37504

SECUNIA - 36950

SECUNIA - 36922

SECUNIA - 35804

SECUNIA - 35740

SECUNIA - 35698

SECUNIA - 35522

CONFIRM - http://download.strongswan.org/CHANGES42.txt

CONFIRM - http://download.strongswan.org/CHANGES4.txt

CONFIRM - http://download.strongswan.org/CHANGES2.txt


Last Updated: 27 May 2016 10:50:48