 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.63711 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Security Advisory RHSA-2009:0402 |
| Summary: | The remote host is missing updates announced in;advisory RHSA-2009:0402.;;Openswan is a free implementation of Internet Protocol Security (IPsec);and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide;both authentication and encryption services. These services allow you to;build secure tunnels through untrusted networks. Everything passing through;the untrusted network is encrypted by the IPsec gateway machine, and;decrypted by the gateway at the other end of the tunnel. The resulting;tunnel is a virtual private network (VPN).;;Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in;Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD;packet to crash the pluto daemon. (CVE-2009-0790);;It was discovered that Openswan's livetest script created temporary files;in an insecure manner. A local attacker could use this flaw to overwrite;arbitrary files owned by the user running the script. (CVE-2008-4190);;Note: The livetest script is an incomplete feature and was not;automatically executed by any other script distributed with Openswan, or;intended to be used at all, as was documented in its man page. In these;updated packages, the script only prints an informative message and exits;immediately when run.;;All users of openswan are advised to upgrade to these updated packages,;which contain backported patches to correct these issues. After installing;this update, the ipsec service will be restarted automatically. |
| Description: | Summary: The remote host is missing updates announced in advisory RHSA-2009:0402. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon. (CVE-2009-0790) It was discovered that Openswan's livetest script created temporary files in an insecure manner. A local attacker could use this flaw to overwrite arbitrary files owned by the user running the script. (CVE-2008-4190) Note: The livetest script is an incomplete feature and was not automatically executed by any other script distributed with Openswan, or intended to be used at all, as was documented in its man page. In these updated packages, the script only prints an informative message and exits immediately when run. All users of openswan are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the ipsec service will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2008-4190 BugTraq ID: 31243 http://www.securityfocus.com/bid/31243 Bugtraq: 20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation (Google Search) http://www.securityfocus.com/archive/1/501624/100/0/threaded http://www.securityfocus.com/archive/1/501640/100/0/threaded Debian Security Information: DSA-1760 (Google Search) http://www.debian.org/security/2009/dsa-1760 https://www.exploit-db.com/exploits/9135 http://www.openwall.com/lists/oss-security/2008/10/30/2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078 http://www.redhat.com/support/errata/RHSA-2009-0402.html http://secunia.com/advisories/34182 http://secunia.com/advisories/34472 XForce ISS Database: openswan-livetest-symlink(45250) https://exchange.xforce.ibmcloud.com/vulnerabilities/45250 Common Vulnerability Exposure (CVE) ID: CVE-2009-0790 1021949 http://www.securitytracker.com/id?1021949 1021950 http://www.securitytracker.com/id?1021950 20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec http://www.securityfocus.com/archive/1/502270/100/0/threaded 34296 http://www.securityfocus.com/bid/34296 34472 34483 http://secunia.com/advisories/34483 34494 http://secunia.com/advisories/34494 34546 http://secunia.com/advisories/34546 ADV-2009-0886 http://www.vupen.com/english/advisories/2009/0886 DSA-1759 http://www.debian.org/security/2009/dsa-1759 DSA-1760 RHSA-2009:0402 SUSE-SR:2009:009 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://download.strongswan.org/CHANGES4.txt http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt openswan-strongswan-dpd-dos(49523) https://exchange.xforce.ibmcloud.com/vulnerabilities/49523 oval:org.mitre.oval:def:11171 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171 |
| Copyright | Copyright (C) 2009 E-Soft Inc. |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |