ID de Prueba:	1.3.6.1.4.1.25623.1.0.800632
Categoría:	Denial of Service
Título:	strongSwan IKE_SA_INIT and IKE_AUTH DoS Vulnerabilities
Resumen:	strongSwan is prone to multiple denial of service (DoS); vulnerabilities.
Descripción:	Summary: strongSwan is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - An error in charon/sa/ike_sa.c charon daemon which results in NULL pointer dereference and crash via an invalid 'IKE_SA_INIT' request that triggers 'an incomplete state, ' followed by a 'CREATE_CHILD_SA' request. - An error in incharon/sa/tasks/child_create.c charon daemon, it switches the NULL checks for TSi and TSr payloads, via an 'IKE_AUTH' request without a 'TSi' or 'TSr' traffic selector. Vulnerability Impact: Successful exploit allows attackers to run arbitrary code, corrupt memory, and can cause a denial of service. Affected Software/OS: strongSwan versions prior to 4.2.15 and 4.3.x prior to 4.3.1 Solution: Update to version 4.3.1, 4.2.15 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1957 BugTraq ID: 35178 http://www.securityfocus.com/bid/35178 Debian Security Information: DSA-1899 (Google Search) http://www.debian.org/security/2009/dsa-1899 https://lists.strongswan.org/pipermail/users/2009-May/003457.html http://secunia.com/advisories/35296 http://secunia.com/advisories/35685 http://secunia.com/advisories/36922 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2009-1958
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.