5

CVE-2009-2185

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
StrongswanStrongswan Version2.8.0
StrongswanStrongswan Version2.8.1
StrongswanStrongswan Version2.8.2
StrongswanStrongswan Version2.8.3
StrongswanStrongswan Version2.8.4
StrongswanStrongswan Version2.8.5
StrongswanStrongswan Version2.8.6
StrongswanStrongswan Version2.8.7
StrongswanStrongswan Version2.8.8
StrongswanStrongswan Version2.8.9
StrongswanStrongswan Version2.8.10
StrongswanStrongswan Version4.1
StrongswanStrongswan Version4.2.0
StrongswanStrongswan Version4.2.1
StrongswanStrongswan Version4.2.2
StrongswanStrongswan Version4.2.3
StrongswanStrongswan Version4.2.4
StrongswanStrongswan Version4.2.5
StrongswanStrongswan Version4.2.6
StrongswanStrongswan Version4.2.7
StrongswanStrongswan Version4.2.8
StrongswanStrongswan Version4.2.9
StrongswanStrongswan Version4.2.10
StrongswanStrongswan Version4.2.11
StrongswanStrongswan Version4.2.12
StrongswanStrongswan Version4.2.13
StrongswanStrongswan Version4.2.14
StrongswanStrongswan Version4.2.15
StrongswanStrongswan Version4.3.0
StrongswanStrongswan Version4.3.1
XeleranceOpenswan Version2.4.0
XeleranceOpenswan Version2.4.1
XeleranceOpenswan Version2.4.2
XeleranceOpenswan Version2.4.3
XeleranceOpenswan Version2.4.4
XeleranceOpenswan Version2.4.5
XeleranceOpenswan Version2.4.9
XeleranceOpenswan Version2.4.10
XeleranceOpenswan Version2.6.03
XeleranceOpenswan Version2.6.04
XeleranceOpenswan Version2.6.05
XeleranceOpenswan Version2.6.06
XeleranceOpenswan Version2.6.07
XeleranceOpenswan Version2.6.08
XeleranceOpenswan Version2.6.09
XeleranceOpenswan Version2.6.10
XeleranceOpenswan Version2.6.11
XeleranceOpenswan Version2.6.12
XeleranceOpenswan Version2.6.13
XeleranceOpenswan Version2.6.14
XeleranceOpenswan Version2.6.15
XeleranceOpenswan Version2.6.16
XeleranceOpenswan Version2.6.17
XeleranceOpenswan Version2.6.18
XeleranceOpenswan Version2.6.19
XeleranceOpenswan Version2.6.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.37% 0.818
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://download.strongswan.org/CHANGES4.txt
Vendor Advisory
http://secunia.com/advisories/36922
http://www.debian.org/security/2009/dsa-1899
http://download.strongswan.org/CHANGES2.txt
Vendor Advisory
http://download.strongswan.org/CHANGES42.txt
Vendor Advisory
http://secunia.com/advisories/35522
Vendor Advisory
http://secunia.com/advisories/35698
http://secunia.com/advisories/35740
http://secunia.com/advisories/35804
http://secunia.com/advisories/36950
http://secunia.com/advisories/37504
http://up2date.astaro.com/2009/07/up2date_7404_released.html
http://www.debian.org/security/2009/dsa-1898
http://www.ingate.com/Relnote.php?ver=481
http://www.redhat.com/support/errata/RHSA-2009-1138.html
http://www.securityfocus.com/bid/35452
Patch
http://www.securitytracker.com/id?1022428
http://www.vupen.com/english/advisories/2009/1639
Vendor Advisory
http://www.vupen.com/english/advisories/2009/1706
http://www.vupen.com/english/advisories/2009/1829
http://www.vupen.com/english/advisories/2009/3354
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html