ID de Prueba:	1.3.6.1.4.1.25623.1.0.800673
Categoría:	Denial of Service
Título:	strongSwan DoS Vulnerability (Aug 2009)
Resumen:	strongSwan is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: strongSwan is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error in 'asn1_length()' function in the 'libstrongswan/asn1/asn1.c' script. It does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs). Vulnerability Impact: Successful exploitation allows attackers to crash pluto IKE daemon, corrupt memory and can cause a denial of service. Affected Software/OS: strongSwan version 2.8.x prior to 2.8.11, 4.2.x prior to 4.2.17 and 4.3.x prior to 4.3.3. Solution: Update to version 2.8.11, 4.2.17, 4.3.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2661 Debian Security Information: DSA-1899 (Google Search) http://www.debian.org/security/2009/dsa-1899 https://lists.strongswan.org/pipermail/announce/2009-July/000056.html http://www.openwall.com/lists/oss-security/2009/07/27/1 http://secunia.com/advisories/36922 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://www.vupen.com/english/advisories/2009/2247
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.