Test ID:	1.3.6.1.4.1.25623.1.0.64335
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:1138
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:1138.;;Openswan is a free implementation of Internet Protocol Security (IPsec);and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide;both authentication and encryption services. These services allow you to;build secure tunnels through untrusted networks. Everything passing through;the untrusted network is encrypted by the IPsec gateway machine, and;decrypted by the gateway at the other end of the tunnel. The resulting;tunnel is a virtual private network (VPN).;;Multiple insufficient input validation flaws were found in the way;Openswan's pluto IKE daemon processed some fields of X.509 certificates. A;remote attacker could provide a specially-crafted X.509 certificate that;would crash the pluto daemon. (CVE-2009-2185);;All users of openswan are advised to upgrade to these updated packages,;which contain a backported patch to correct these issues. After installing;this update, the ipsec service will be restarted automatically.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1138. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Multiple insufficient input validation flaws were found in the way Openswan's pluto IKE daemon processed some fields of X.509 certificates. A remote attacker could provide a specially-crafted X.509 certificate that would crash the pluto daemon. (CVE-2009-2185) All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct these issues. After installing this update, the ipsec service will be restarted automatically. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2185 BugTraq ID: 35452 http://www.securityfocus.com/bid/35452 Debian Security Information: DSA-1898 (Google Search) http://www.debian.org/security/2009/dsa-1898 Debian Security Information: DSA-1899 (Google Search) http://www.debian.org/security/2009/dsa-1899 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079 http://www.redhat.com/support/errata/RHSA-2009-1138.html http://www.securitytracker.com/id?1022428 http://secunia.com/advisories/35522 http://secunia.com/advisories/35698 http://secunia.com/advisories/35740 http://secunia.com/advisories/35804 http://secunia.com/advisories/36922 http://secunia.com/advisories/36950 http://secunia.com/advisories/37504 http://www.vupen.com/english/advisories/2009/1639 http://www.vupen.com/english/advisories/2009/1706 http://www.vupen.com/english/advisories/2009/1829 http://www.vupen.com/english/advisories/2009/3354
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.