|
|
| |
|
| |
FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling
| Package(s): | freeswan |
CVE #(s): | |
| Created: | June 26, 2004 |
Updated: | July 15, 2004 |
| Description: |
FreeS/WAN, Openswan, strongSwan and Super-FreeS/WAN contain two bugs
when authenticating PKCS#7 certificates. This could allow an attacker
to authenticate with a fake certificate. All these IPsec implementations
have several bugs in the verify_x509cert() function, which performs
certificate validation, that make them vulnerable to malicious PKCS#7
wrapped objects. With a carefully crafted certificate payload an attacker
can successfully authenticate against FreeS/WAN, Openswan, strongSwan or
Super-FreeS/WAN, or make the daemon go into an endless loop. |
| Alerts: |
|
( Log in to post comments)
|
|
|