CVE-2013-2054
https://notcve.org/view.php?id=CVE-2013-2054
Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054. Desbordamiento de buffer en la función atodn en strongSwan v2.0.0 hasta v4.3.4, cuando está activada "Opportunistic Encryption" y se usa una clave RSA, permite a atacantes remotos provocar una denegación de servicio (caida del demonio IKE) y posiblemente ejecutar código a través de registros DNS TXT. NOTA: esta podría ser la misma vulnerabilidad que CVE-2013-2053 y CVE-2013-2054. • http://download.strongswan.org/security/CVE-2013-2054/CVE-2013-2054.txt http://www.securityfocus.com/bid/59837 https://lists.libreswan.org/pipermail/swan-announce/2013/000003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-2388
https://notcve.org/view.php?id=CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability." El GMP Plugin en strongSwan v4.2.0 hasta v4.6.3 permite a atacantes remotos evitar la autenticación a través de una firma RSA (1) vacía o (2) completada con ceros, también conocido como "Vulnerabilidad de verficación de firma RSA". • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html http://osvdb.org/82587 http://secunia.com/advisories/49315 http://secunia.com/advisories/49336 http://secunia.com/advisories/49370 http://secunia.com/advisories/55051 http://www.debian.org/security/2012/dsa-2483 http://www.securityfocus.com/bid/53752 http://www.securitytracker.com/id?1027110 http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html https:/ • CWE-287: Improper Authentication •
CVE-2009-2661
https://notcve.org/view.php?id=CVE-2009-2661
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. La función asn1_length en strongSwan 2.8 antes de 2.8.11, 4.2 antes de 4.2.17 y 4.3 antes de 4.3.3 no maneja adecuadamente certificados X.509 con Relative Distinguished Names (RDNs) modificados, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio pluto IKE) mediante datos ASN.1 malformados. NOTA: Esto es debido a una solución incompleta de CVE-2009-2185. • http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://secunia.com/advisories/36922 http://up2date.astaro.com/2009/08/up2date_7505_released.html http://www.debian.org/security/2009/dsa-1899 http:// • CWE-310: Cryptographic Issues •
CVE-2009-2185 – Openswan ASN.1 parser vulnerability
https://notcve.org/view.php?id=CVE-2009-2185
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. El analizador ASN.1 pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) en (a) strongSwan v2.8 anterior a v2.8.10, v4.2 anterior a v4.2.16, y v4.3 anterior a v4.3.2; y (b) openSwan v2.6 anterior a v2.6.22 y v2.4 anterior a v2.4.15 permite a atacantes remotos provocar una denegación de servicio (caída del demonio IKE pluto) a través de un certificado X.509 con (1) Nombres Caracterizados Relativos (RDNs) (2) una cadena UTCTIME manipulada, o (3) una cadena GENERALIZEDTIME manipulada. • http://download.strongswan.org/CHANGES2.txt http://download.strongswan.org/CHANGES4.txt http://download.strongswan.org/CHANGES42.txt http://secunia.com/advisories/35522 http://secunia.com/advisories/35698 http://secunia.com/advisories/35740 http://secunia.com/advisories/35804 http://secunia.com/advisories/36922 http://secunia.com/advisories/36950 http://secunia.com/advisories/37504 http://up2date.astaro.com/2009/07/up2date_7404_released.html http://www.debian.org/security/2009/ • CWE-20: Improper Input Validation •
CVE-2009-1957
https://notcve.org/view.php?id=CVE-2009-1957
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request. charon/sa/ike_sa.c del demonio charon de strongSWAN anterior a v4.3.1, permite a atacantes remotos provocar una denegación de servicio (referenca a puntero nulo y caída) a través de una solicitud IKE_SA_INIT no válida que provoca "un estado incompleto", seguido de una solicitud CREATE_CHILD_SA. • http://download.strongswan.org/CHANGES4.txt http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35296 http://secunia.com/advisories/35685 http://secunia.com/advisories/36922 http://www.debian.org/security/2009/dsa-1899 http:& • CWE-399: Resource Management Errors •