CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-15836
https://notcve.org/view.php?id=CVE-2018-15836
26 Sep 2018 — In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used. En Openswan en versiones anteriores a la 2.6.50.1, la verificación de firmas IKEv2 es vulnerable a "variantes de ataques de bajo exponente de Bleichenba... • https://github.com/xelerance/Openswan/commit/0b460be9e287fd335c8ce58129c67bf06065ef51 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 1%CPEs: 76EXPL: 0CVE-2013-6466 – openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart
https://notcve.org/view.php?id=CVE-2013-6466
26 Jan 2014 — Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Openswan v2.6.39 y anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y reinicio del demonio IKE) a través de paquetes IKEv2 que cuenten con payloads esperados. Openswan is a free implementation of Internet Protocol Security and Internet Key Exchange. IPsec uses strong cryptography ... • http://rhn.redhat.com/errata/RHSA-2014-0185.html •
CVSS: 9.8EPSS: 1%CPEs: 38EXPL: 0CVE-2013-2053 – Openswan: remote buffer overflow in atodn()
https://notcve.org/view.php?id=CVE-2013-2053
09 Jul 2013 — Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054. Desbordamiento de buffer en la función atodn en Openswan anteriores a v2.6.39, cuando está activada Opportunistic Encryptiony se usa una clave RSA, permit... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00008.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 1%CPEs: 73EXPL: 0CVE-2011-4073 – openswan: use-after-free vulnerability leads to DoS
https://notcve.org/view.php?id=CVE-2011-4073
17 Nov 2011 — Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions. Una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad del manejador auxiliar criptográfico en Openswan versión 2.3.0 hasta 2.6.36, permite a los usuarios autenticados remotos causar una denegación de servi... • http://secunia.com/advisories/46678 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.5EPSS: 6%CPEs: 56EXPL: 0CVE-2009-2185 – Openswan ASN.1 parser vulnerability
https://notcve.org/view.php?id=CVE-2009-2185
24 Jun 2009 — The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string. El analizador ASN.1 pluto/asn1.c, libstrongswan/asn1/asn... • http://download.strongswan.org/CHANGES2.txt • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 10%CPEs: 60EXPL: 0CVE-2009-0790 – openswan: ISAKMP DPD remote DoS
https://notcve.org/view.php?id=CVE-2009-0790
01 Apr 2009 — The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. El demonio IKE pluto de Openswan y Strongswan I... • http://download.strongswan.org/CHANGES4.txt • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 41EXPL: 1CVE-2008-4190 – Openswan 2.4.12/2.6.16 - Insecure Temp File Creation Privilege Escalation
https://notcve.org/view.php?id=CVE-2008-4190
24 Sep 2008 — The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled. La herramienta livetest de IPSEC en Openswan versión 2.4.12 y anteriores, y versiones 2.6.x hasta 2.6.16, permite a los usuarios locales sobrescribir archivos arbitrarios y ejecu... • https://www.exploit-db.com/exploits/9135 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •