Test Kennung:	1.3.6.1.4.1.25623.1.0.800673
Kategorie:	Denial of Service
Titel:	strongSwan DoS Vulnerability (Aug 2009)
Zusammenfassung:	strongSwan is prone to a denial of service (DoS) vulnerability.
Beschreibung:	Summary: strongSwan is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error in 'asn1_length()' function in the 'libstrongswan/asn1/asn1.c' script. It does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs). Vulnerability Impact: Successful exploitation allows attackers to crash pluto IKE daemon, corrupt memory and can cause a denial of service. Affected Software/OS: strongSwan version 2.8.x prior to 2.8.11, 4.2.x prior to 4.2.17 and 4.3.x prior to 4.3.3. Solution: Update to version 2.8.11, 4.2.17, 4.3.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2661 Debian Security Information: DSA-1899 (Google Search) http://www.debian.org/security/2009/dsa-1899 https://lists.strongswan.org/pipermail/announce/2009-July/000056.html http://www.openwall.com/lists/oss-security/2009/07/27/1 http://secunia.com/advisories/36922 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://www.vupen.com/english/advisories/2009/2247
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.