
CVE-2018-15836
https://notcve.org/view.php?id=CVE-2018-15836
26 Sep 2018 — In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. En Openswan en versiones anteriores a la 2.6.50.1, la verificación de firmas IKEv2 es vulnerable a "variantes de ataques de bajo exponente de Bleichenba... • https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51 • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2013-6466 – openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart
https://notcve.org/view.php?id=CVE-2013-6466
26 Jan 2014 — Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Openswan v2.6.39 y anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y reinicio del demonio IKE) a través de paquetes IKEv2 que cuenten con payloads esperados. Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography ... • http://rhn.redhat.com/errata/RHSA-2014-0185.html •

CVE-2013-2053 – Openswan: remote buffer overflow in atodn()
https://notcve.org/view.php?id=CVE-2013-2053
09 Jul 2013 — Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054. Desbordamiento de buffer en la función atodn en Openswan anteriores a v2.6.39, cuando está activada Opportunistic Encryptiony se usa una clave RSA, permit... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2008-4190 – Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-4190
24 Sep 2008 — The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled. La herramienta livetest de IPSEC en Openswan versión 2.4.12 y anteriores, y versiones 2.6.x hasta 2.6.16, permite a los usuarios locales sobrescribir archivos arbitrarios y ejecu... • https://www.exploit-db.com/exploits/9135 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2005-3671
https://notcve.org/view.php?id=CVE-2005-3671
18 Nov 2005 — The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. • http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html •

CVE-2005-0162
https://notcve.org/view.php?id=CVE-2005-0162
26 Jan 2005 — Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code. • http://secunia.com/advisories/14038 •