CVSS: 7.1EPSS: 3%CPEs: 3EXPL: 0CVE-2010-3308 – Openswan cisco banner option handling vulnerability
https://notcve.org/view.php?id=CVE-2010-3308
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field. Desbordamiento de búfer en programs/pluto/xauth.c en el cliente en Openswan v2.6.26 a v2.6.28 podría permitir ejecutar código de su elección a gateways autenticados remotos o causar una denegación de servicio a través de valor excesivamente largo en cisco_banner (también conocido como server_banner). • http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html http://secunia.com/advisories/41769 http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt http://www.openswan.org/download/CVE-2010-3308/openswan-2.6.26-2.6.28-CVE-2010-330x.patch http://www.redhat.com/support/errata/RHSA-2010-0892.htm • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 7%CPEs: 56EXPL: 0CVE-2009-2185 – Openswan ASN.1 parser vulnerability
https://notcve.org/view.php?id=CVE-2009-2185
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. El analizador ASN.1 pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) en (a) strongSwan v2.8 anterior a v2.8.10, v4.2 anterior a v4.2.16, y v4.3 anterior a v4.3.2; y (b) openSwan v2.6 anterior a v2.6.22 y v2.4 anterior a v2.4.15 permite a atacantes remotos provocar una denegación de servicio (caída del demonio IKE pluto) a través de un certificado X.509 con (1) Nombres Caracterizados Relativos (RDNs) (2) una cadena UTCTIME manipulada, o (3) una cadena GENERALIZEDTIME manipulada. • http://download.strongswan.org/CHANGES2.txt http://download.strongswan.org/CHANGES4.txt http://download.strongswan.org/CHANGES42.txt http://secunia.com/advisories/35522 http://secunia.com/advisories/35698 http://secunia.com/advisories/35740 http://secunia.com/advisories/35804 http://secunia.com/advisories/36922 http://secunia.com/advisories/36950 http://secunia.com/advisories/37504 http://up2date.astaro.com/2009/07/up2date_7404_released.html http://www.debian.org/security/2009/ • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 84%CPEs: 60EXPL: 0CVE-2009-0790 – openswan: ISAKMP DPD remote DoS
https://notcve.org/view.php?id=CVE-2009-0790
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. El demonio IKE pluto de Openswan y Strongswan IPsec v2.6 anterior a v2.6.21 y v2.4 anterior a v2.4.14, y Strongswan v4.2 anterior a v4.2.14 y v2.8 anteior a v2.8.9; permite a atacantes remotos provocar una denegación de servicio (caída del demonio y reinicio) a través de (1) R_U_THERE o (2) R_U_THERE_ACK Detección de pares muertos (Dead Peer Detection -DPD) mensaje de Notificación IKE IPsec que provoca una referencia a puntero nulo relacionado con el estado inconsistente ISAKMP y la falta de un estado de asociacion phase2 en DPD. • http://download.strongswan.org/CHANGES4.txt http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34472 http://secunia.com/advisories/34483 http://secunia.com/advisories/34494 http://secunia.com/advisories/34546 http://www.debian.org/security/2009/dsa-1759 http://www.debian.org/security/2009/dsa-1760 http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt http://www.redhat.com/support/errata/RHSA-2009-0402.html http:/ • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 41EXPL: 1CVE-2008-4190 – Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-4190
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled. La herramienta livetest de IPSEC en Openswan versión 2.4.12 y anteriores, y versiones 2.6.x hasta 2.6.16, permite a los usuarios locales sobrescribir archivos arbitrarios y ejecutar código arbitrario mediante un ataque de tipo symlink en los archivos temporales (1) ipseclive.conn y (2) ipsec.olts.remote.log. NOTA: en muchas distribuciones y en la versión anterior, esta herramienta se ha deshabilitado. Openswan versions equal to and below 2.4.12/2.6.16 suffer from an insecure file creation vulnerability that allows for privilege escalation. • https://www.exploit-db.com/exploits/9135 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374 http://dev.gentoo.org/~rbu/security/debiantemp/openswan http://secunia.com/advisories/34182 http://secunia.com/advisories/34472 http://www.debian.org/security/2009/dsa-1760 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.redhat.com/support/errata/RHSA-2009-0402.html http://www.securityfocus.com/archive/1/501624/100/0/threaded http://www.securi • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 5%CPEs: 9EXPL: 1CVE-2005-3671
https://notcve.org/view.php?id=CVE-2005-3671
The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. • http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html http://jvn.jp/niscc/NISCC-273756/index.html http://secunia.com/advisories/17581 http://secunia.com/advisories/17680 http://secunia.com/advisories/17980 http://secunia.com/advisories/18115 http://securitytracker.com/id?1015214 http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp http://www.gentoo.org/security/en/glsa/glsa-200512-04.x •