Giuseppe Iuculano
2009-Jun-02 18:35 UTC
[Secure-testing-team] Bug#531612: [SA35296] strongSwan Two Denial of Service Vulnerabilities
Package: strongswan
Severity: serious
Tags: security patch

Hi,

The following SA (Secunia Advisory) id was published for strongswan:

SA35296[1]:

> DESCRIPTION:
> Two vulnerabilities have been reported in strongSwan, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
>
> 1) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via specially crafted
> IKE_SA_INIT and CREATE_CHILD_SA requests.
>
> 2) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via an IKE_AUTH request
> missing a TSi or TSr payload.
>
> The vulnerabilities are reported in versions 4.1.0 through 4.3.0.
>
> SOLUTION:
> Update to version 4.3.1 or 4.2.15, or apply patches:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme

If you fix the vulnerability please also make sure to include the CVE id (if it will be available) in the changelog entry.

[1] http://secunia.com/advisories/35296/

Patches:
http://download.strongswan.org/patches/03_invalid_ike_state_patch/
http://download.strongswan.org/patches/04_swapped_ts_check_patch/
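
Added example, not part of the original message or of strongSwan: a triage helper that classifies an upstream strongSwan version against the range and fixed releases quoted in the advisory. It handles the case where 4.2.15 falls numerically inside "4.1.0 through 4.3.0" but is a fixed release. The function names, the result labels, and the treatment of releases later than the two named fixes as fixed are assumptions of this example.

```python
import re

# Values taken from the advisory text quoted in the message.
AFFECTED_FIRST = (4, 1, 0)
AFFECTED_LAST = (4, 3, 0)
FIXED_RELEASES = [(4, 2, 15), (4, 3, 1)]  # one fixed release per branch


def parse_upstream(version):
    """Return (major, minor, patch) from the start of a version string.

    Anything after X.Y.Z (for example a distribution revision such as
    "-5") is ignored, so only the upstream version is compared.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError("unrecognised version string: %r" % version)
    return tuple(int(part) for part in m.groups())


def classify(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'."""
    v = parse_upstream(version)
    if v < AFFECTED_FIRST:
        # Older than the range the advisory reports on.
        return "not-listed"
    # A fixed release on the same major.minor branch wins over the range
    # check, because 4.2.15 sorts inside 4.1.0..4.3.0.
    # Assumption: later releases on that branch keep the fix.
    for fixed in FIXED_RELEASES:
        if v[:2] == fixed[:2] and v >= fixed:
            return "fixed"
    if v <= AFFECTED_LAST:
        return "affected"
    # Assumption: branches newer than 4.3 include the fix.
    return "fixed"


if __name__ == "__main__":
    # Constructed sample inventory of version strings.
    for sample in ["4.0.7", "4.1.0", "4.2.4-5", "4.2.14", "4.2.15", "4.3.0", "4.3.1"]:
        print(sample, classify(sample))
```

A distribution package can carry the upstream patches without changing its upstream version number, so an "affected" result on a packaged build means the package changelog still needs checking.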