Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-2661
Last Modified: 24 Nov 2009 02:02:12
Published: 04 Aug 2009 12:30:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-2661

Summary

The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.

Vulnerable Systems

Application

  • Strongswan 2.8.0

  • Strongswan 2.8.1

  • Strongswan 2.8.10

  • Strongswan 2.8.2

  • Strongswan 2.8.3

  • Strongswan 2.8.4

  • Strongswan 2.8.5

  • Strongswan 2.8.6

  • Strongswan 2.8.7

  • Strongswan 2.8.8

  • Strongswan 4.2.0

  • Strongswan 4.2.1

  • Strongswan 4.2.10

  • Strongswan 4.2.11

  • Strongswan 4.2.12

  • Strongswan 4.2.13

  • Strongswan 4.2.14

  • Strongswan 4.2.15

  • Strongswan 4.2.16

  • Strongswan 4.2.2

  • Strongswan 4.2.3

  • Strongswan 4.3.0

  • Strongswan 4.3.1

  • Strongswan 4.3.2


References

MLIST - [Announce] 20090723 ANNOUNCE: strongswan-2.8.11 and strongswan-4.2.17 released

CONFIRM - http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch

VUPEN - ADV-2009-2247

MLIST - [oss-security] 20090727 CVE id request: strongswan

DEBIAN - DSA-1899

CONFIRM - http://up2date.astaro.com/2009/08/up2date_7505_released.html

SECUNIA - 36922

SUSE - SUSE-SR:2009:018

SUSE - SUSE-SR:2009:016

CONFIRM - http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch

Related Patches

Novell SUSE 2009:6478 openswan security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:59