CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15836
https://notcve.org/view.php?id=CVE-2018-15836
26 Sep 2018 — In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. En Openswan en versiones anteriores a la 2.6.50.1, la verificación de firmas IKEv2 es vulnerable a "variantes de ataques de bajo exponente de Bleichenba... • https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 1%CPEs: 76EXPL: 0CVE-2013-6466 – openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart
https://notcve.org/view.php?id=CVE-2013-6466
26 Jan 2014 — Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Openswan v2.6.39 y anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y reinicio del demonio IKE) a través de paquetes IKEv2 que cuenten con payloads esperados. Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography ... • http://rhn.redhat.com/errata/RHSA-2014-0185.html •
CVSS: 9.8EPSS: 1%CPEs: 38EXPL: 0CVE-2013-2053 – Openswan: remote buffer overflow in atodn()
https://notcve.org/view.php?id=CVE-2013-2053
09 Jul 2013 — Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054. Desbordamiento de buffer en la función atodn en Openswan anteriores a v2.6.39, cuando está activada Opportunistic Encryptiony se usa una clave RSA, permit... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 1%CPEs: 73EXPL: 0CVE-2011-4073 – openswan: use-after-free vulnerability leads to DoS
https://notcve.org/view.php?id=CVE-2011-4073
17 Nov 2011 — Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions. Una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad del manejador auxiliar criptográfico en Openswan versión 2.3.0 hasta 2.6.36, permite a los usuarios autenticados remotos causar una denegación de servi... • http://secunia.com/advisories/46678 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2011-3380 – openswan: IKE invalid key length allows remote unauthenticated user to crash openswan
https://notcve.org/view.php?id=CVE-2011-3380
17 Nov 2011 — Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function. Openswan v2.6.29 a través de v2.6.35 permite a atacantes remotos provocar una denegación de servicio (puntero a NULL y Plutón accidente demonio IKE) a través de un mensaje ISAKMP con un atributo no válido key_length, que no se gestiona adecuadamente po... • http://secunia.com/advisories/46306 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2147
https://notcve.org/view.php?id=CVE-2011-2147
20 May 2011 — Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784. Openswan v2.2.x no restringe correctamente los permisos para (1) /var/run/starter.pid, relacionados con starte... • http://lists.debian.org/debian-security/2011/05/msg00012.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2010-3752 – Openswan: Gateway arbitrary code execution via shell metacharacters in cisco_dns_info or cisco_domain_info data in packet
https://notcve.org/view.php?id=CVE-2010-3752
05 Oct 2010 — programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302. programs/pluto/xauth.c en el cliente en Openswan v2.6.26 a v2.6.28 permite ejecutar, a gateways autenticados remotos, comandos de su elección a través de metacaracteres encubiertos en el campo cisco_banner (también conocido como server_ba... • http://www.openswan.org/download/CVE-2010-3302/CVE-2010-3302.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3753 – Openswan: Gateway arbitrary execution via shell metacharacters in the cisco_banner
https://notcve.org/view.php?id=CVE-2010-3753
05 Oct 2010 — programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308. programs/pluto/xauth.c en el cliente en Openswan v2.6.26 a v2.6.28 permite ejecutar, a gateways autenticados remotos, comandos de su elección a través de metacaracteres encubiertos en el campo cisco_banner (también conocido como server_banner). Se trata de... • http://www.openswan.org/download/CVE-2010-3308/CVE-2010-3308.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 0CVE-2010-3302 – openswan: buffer overflow vulnerability in XAUTH client-side support
https://notcve.org/view.php?id=CVE-2010-3302
05 Oct 2010 — Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet. Desbordamiento de búfer en programs/pluto/xauth.c en el cliente en Openswan v2.6.25 a v2.6.28 podría permitir ejecutar código de su elección a través de puertas de enlace remoto autenticadas o causar una denegación de servicio a través de datos demasiado... • http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 4%CPEs: 3EXPL: 0CVE-2010-3308 – Openswan cisco banner option handling vulnerability
https://notcve.org/view.php?id=CVE-2010-3308
05 Oct 2010 — Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field. Desbordamiento de búfer en programs/pluto/xauth.c en el cliente en Openswan v2.6.26 a v2.6.28 podría permitir ejecutar código de su elección a gateways autenticados remotos o causar una denegación de servicio a través de valor excesivamente largo en cisco_banner (también co... • http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048999.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •