Test ID:	1.3.6.1.4.1.25623.1.0.800673
Category:	Denial of Service
Title:	strongSwan DoS Vulnerability (Aug 2009)
Summary:	strongSwan is prone to a denial of service (DoS) vulnerability.
Description:	Summary: strongSwan is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The flaw is due to an error in 'asn1_length()' function in the 'libstrongswan/asn1/asn1.c' script. It does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs). Vulnerability Impact: Successful exploitation allows attackers to crash pluto IKE daemon, corrupt memory and can cause a denial of service. Affected Software/OS: strongSwan version 2.8.x prior to 2.8.11, 4.2.x prior to 4.2.17 and 4.3.x prior to 4.3.3. Solution: Update to version 2.8.11, 4.2.17, 4.3.3 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2661 Debian Security Information: DSA-1899 (Google Search) http://www.debian.org/security/2009/dsa-1899 https://lists.strongswan.org/pipermail/announce/2009-July/000056.html http://www.openwall.com/lists/oss-security/2009/07/27/1 http://secunia.com/advisories/36922 SuSE Security Announcement: SUSE-SR:2009:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html SuSE Security Announcement: SUSE-SR:2009:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://www.vupen.com/english/advisories/2009/2247
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.