Test ID:	1.3.6.1.4.1.25623.1.0.65006
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1899-1)
Summary:	The remote host is missing an update for the Debian 'strongswan' package(s) announced via the DSA-1899-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'strongswan' package(s) announced via the DSA-1899-1 advisory. Vulnerability Insight: Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1957 CVE-2009-1958 The charon daemon can crash when processing certain crafted IKEv2 packets. (The old stable distribution (etch) was not affected by these two problems because it lacks IKEv2 support.) CVE-2009-2185 CVE-2009-2661 The pluto daemon could crash when processing a crafted X.509 certificate. For the old stable distribution (etch), these problems have been fixed in version 2.8.0+dfsg-1+etch2. For the stable distribution (lenny), these problems have been fixed in version 4.2.4-5+lenny3. For the unstable distribution (sid), these problems have been fixed in version 4.3.2-1.1. We recommend that you upgrade your strongswan packages. Affected Software/OS: 'strongswan' package(s) on Debian 4, Debian 5. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1957 BugTraq ID: 35178 http://www.securityfocus.com/bid/35178 Debian Security Information: DSA-1899 (Google Search) http://www.debian.org/security/2009/dsa-1899 https://lists.strongswan.org/pipermail/users/2009-May/003457.html http://secunia.com/advisories/35296 http://secunia.com/advisories/35685 http://secunia.com/advisories/36922 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html Common Vulnerability Exposure (CVE) ID: CVE-2009-1958 Common Vulnerability Exposure (CVE) ID: CVE-2009-2185 BugTraq ID: 35452 http://www.securityfocus.com/bid/35452 Debian Security Information: DSA-1898 (Google Search) http://www.debian.org/security/2009/dsa-1898 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079 http://www.redhat.com/support/errata/RHSA-2009-1138.html http://www.securitytracker.com/id?1022428 http://secunia.com/advisories/35522 http://secunia.com/advisories/35698 http://secunia.com/advisories/35740 http://secunia.com/advisories/35804 http://secunia.com/advisories/36950 http://secunia.com/advisories/37504 http://www.vupen.com/english/advisories/2009/1639 http://www.vupen.com/english/advisories/2009/1706 http://www.vupen.com/english/advisories/2009/1829 http://www.vupen.com/english/advisories/2009/3354 Common Vulnerability Exposure (CVE) ID: CVE-2009-2661 https://lists.strongswan.org/pipermail/announce/2009-July/000056.html http://www.openwall.com/lists/oss-security/2009/07/27/1 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://www.vupen.com/english/advisories/2009/2247
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.