User: Password:
Subscribe / Log in / New account

strongswan: multiple vulnerabilities

Package(s):strongswan CVE #(s):CVE-2013-6075
Created:November 1, 2013 Updated:January 27, 2014

From the Debian advisory:

A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links.

By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a denial of service (daemon crash) or an authorization bypass (impersonating a different user, potentially acquiring VPN permissions she doesn't have).

Fedora FEDORA-2014-0567 strongswan 2014-01-25
Fedora FEDORA-2014-0516 strongswan 2014-01-25
openSUSE openSUSE-SU-2013:1646-1 strongswan 2013-11-09
openSUSE openSUSE-SU-2013:1651-1 strongswan 2013-11-09
Debian DSA-2789-1 strongswan 2013-11-01

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds