Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4073

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2011-4073
Last Modified 12 Mar 2012 12:00:00
Published 17 Nov 2011 02:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-4073

Summary

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

Vulnerable Systems

Application

  • Openswan 2.3.0

  • Openswan 2.3.1

  • Openswan 2.4

  • Openswan 2.4.1

  • Openswan 2.4.10

  • Openswan 2.4.11

  • Openswan 2.4.12

  • Openswan 2.4.13

  • Openswan 2.4.2

  • Openswan 2.4.3

  • Openswan 2.4.4

  • Openswan 2.4.5

  • Openswan 2.4.6

  • Openswan 2.4.7

  • Openswan 2.4.8

  • Openswan 2.4.9

  • Openswan 2.5.0

  • Openswan 2.5.01

  • Openswan 2.5.02

  • Openswan 2.5.03

  • Openswan 2.5.04

  • Openswan 2.5.05

  • Openswan 2.5.06

  • Openswan 2.5.07

  • Openswan 2.5.08

  • Openswan 2.5.09

  • Openswan 2.5.10

  • Openswan 2.5.11

  • Openswan 2.5.12

  • Openswan 2.5.13

  • Openswan 2.5.14

  • Openswan 2.5.15

  • Openswan 2.5.16

  • Openswan 2.5.17

  • Openswan 2.5.18

  • Openswan 2.6.01

  • Openswan 2.6.02

  • Openswan 2.6.03

  • Openswan 2.6.04

  • Openswan 2.6.05

  • Openswan 2.6.06

  • Openswan 2.6.07

  • Openswan 2.6.08

  • Openswan 2.6.09

  • Openswan 2.6.10

  • Openswan 2.6.11

  • Openswan 2.6.12

  • Openswan 2.6.13

  • Openswan 2.6.14

  • Openswan 2.6.15

  • Openswan 2.6.16

  • Openswan 2.6.17

  • Openswan 2.6.18

  • Openswan 2.6.19

  • Openswan 2.6.20

  • Openswan 2.6.21

  • Openswan 2.6.22

  • Openswan 2.6.23

  • Openswan 2.6.24

  • Openswan 2.6.25

  • Openswan 2.6.26

  • Openswan 2.6.27

  • Openswan 2.6.28

  • Openswan 2.6.29

  • Openswan 2.6.30

  • Openswan 2.6.31

  • Openswan 2.6.32

  • Openswan 2.6.33

  • Openswan 2.6.34

  • Openswan 2.6.35

  • Openswan 2.6.36


References

SECTRACK - 1026268

BID - 50440

REDHAT - RHSA-2011:1422

SECUNIA - 46681

SECUNIA - 46678

CONFIRM - http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt

DEBIAN - DSA-2374

SECUNIA - 47342

Related Patches

Novell SUSE 2011:5424 openswan security update for SLES 11 SP1 i586

Novell SUSE 2011:5424 openswan security update for SLES 11 SP1 x86_64

Novell SUSE 2011:7836 openswan security update for SLE 10 SP4 i586

Novell SUSE 2011:7836 openswan security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:57:51