CVE-2009-0790 - Improper Input Validation vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection: An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting: An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files: An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2009-0402.NASL
description: From Red Hat Security Advisory 2009:0402 : Updated openswan packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67835
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67835
title: Oracle Linux 5 : openswan (ELSA-2009-0402)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:0402 and
    # Oracle Linux Security Advisory ELSA-2009-0402 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(67835);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:08");

      script_cve_id("CVE-2008-4190", "CVE-2009-0790");
      script_bugtraq_id(31243);
      script_xref(name:"RHSA", value:"2009:0402");

      script_name(english:"Oracle Linux 5 : openswan (ELSA-2009-0402)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2009:0402 : Updated openswan packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon. (CVE-2009-0790) It was discovered that Openswan's livetest script created temporary files in an insecure manner. A local attacker could use this flaw to overwrite arbitrary files owned by the user running the script. (CVE-2008-4190) Note: The livetest script is an incomplete feature and was not automatically executed by any other script distributed with Openswan, or intended to be used at all, as was documented in its man page. In these updated packages, the script only prints an informative message and exits immediately when run. All users of openswan are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the ipsec service will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-March/000942.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected openswan packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 59);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openswan-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

      script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

    flag = 0;
    if (rpm_check(release:"EL5", reference:"openswan-2.6.14-1.el5_3.2")) flag++;
    if (rpm_check(release:"EL5", reference:"openswan-doc-2.6.14-1.el5_3.2")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan / openswan-doc");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_OPENSWAN-6119.NASL
description: By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36116
published: 2009-04-08
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/36116
title: openSUSE 10 Security Update : openswan (openswan-6119)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openswan-6119.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(36116);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:37");

      script_cve_id("CVE-2009-0790");

      script_name(english:"openSUSE 10 Security Update : openswan (openswan-6119)");
      script_summary(english:"Check for the openswan-6119 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790)."
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected openswan package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(20);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/08");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE10.3", reference:"openswan-2.4.7-64.2") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan");
    }

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_STRONGSWAN-090324.NASL
description: By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon. (CVE-2009-0790)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41454
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41454
title: SuSE 11 Security Update : strongswan (SAT Patch Number 677)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(41454);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:35");

      script_cve_id("CVE-2009-0790");

      script_name(english:"SuSE 11 Security Update : strongswan (SAT Patch Number 677)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon. (CVE-2009-0790)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=487762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0790.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 677.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(20);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:strongswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:strongswan-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

    pl = get_kb_item("Host/SuSE/patchlevel");
    if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");

    flag = 0;
    if (rpm_check(release:"SLES11", sp:0, reference:"strongswan-4.2.8-1.22.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, reference:"strongswan-doc-4.2.8-1.22.1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: SuSE Local Security Checks
NASL id: SUSE_STRONGSWAN-6116.NASL
description: By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon. (CVE-2009-0790)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41586
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41586
title: SuSE 10 Security Update : strongswan (ZYPP Patch Number 6116)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(41586);
      script_version ("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:37");

      script_cve_id("CVE-2009-0790");

      script_name(english:"SuSE 10 Security Update : strongswan (ZYPP Patch Number 6116)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon. (CVE-2009-0790)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0790.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6116.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(20);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

    flag = 0;
    if (rpm_check(release:"SLES10", sp:2, reference:"strongswan-4.1.10-0.7")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"strongswan-doc-4.1.10-0.7")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_1_STRONGSWAN-090324.NASL
description: By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40311
published: 2009-07-21
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/40311
title: openSUSE Security Update : strongswan (strongswan-676)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update strongswan-676.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(40311);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/25 13:36:35");

      script_cve_id("CVE-2009-0790");

      script_name(english:"openSUSE Security Update : strongswan (strongswan-676)");
      script_summary(english:"Check for the strongswan-676 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=487762"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected strongswan package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_cwe_id(20);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:strongswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

    flag = 0;

    if ( rpm_check(release:"SUSE11.1", reference:"strongswan-4.2.8-1.24.1") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "strongswan");
    }

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-0402.NASL
description: Updated openswan packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43738
published: 2010-01-06
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/43738
title: CentOS 5 : openswan (CESA-2009:0402)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:0402 and
    # CentOS Errata and Security Advisory 2009:0402 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(43738);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:04");

      script_cve_id("CVE-2008-4190", "CVE-2009-0790");
      script_bugtraq_id(31243);
      script_xref(name:"RHSA", value:"2009:0402");

      script_name(english:"CentOS 5 : openswan (CESA-2009:0402)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated openswan packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD packet to crash the pluto daemon. (CVE-2009-0790) It was discovered that Openswan's livetest script created temporary files in an insecure manner. A local attacker could use this flaw to overwrite arbitrary files owned by the user running the script. (CVE-2008-4190) Note: The livetest script is an incomplete feature and was not automatically executed by any other script distributed with Openswan, or intended to be used at all, as was documented in its man page. In these updated packages, the script only prints an informative message and exits immediately when run. All users of openswan are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the ipsec service will be restarted automatically."
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015746.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6f78abf9"
      );
      # https://lists.centos.org/pipermail/centos-announce/2009-April/015747.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?567d2598"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected openswan packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20, 59);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openswan-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

      script_set_attribute(attribute:"vuln_publication_date", value:"2008/09/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/04/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"openswan-2.6.14-1.el5_3.2")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"openswan-doc-2.6.14-1.el5_3.2")) flag++;

    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan / openswan-doc");
    }

NASL family | SuSE Local Security Checks
NASL id | SUSE_OPENSWAN-6117.NASL
description | By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon. (CVE-2009-0790)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 41574
published | 2009-09-24
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/41574
title | SuSE 10 Security Update : openswan (ZYPP Patch Number 6117)

NASL family | SuSE Local Security Checks
NASL id | SUSE_11_0_OPENSWAN-090324.NASL
description | By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 40086
published | 2009-07-21
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/40086
title | openSUSE Security Update : openswan (openswan-687)

NASL family | SuSE Local Security Checks
NASL id | SUSE_11_OPENSWAN-090324.NASL
description | By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon. (CVE-2009-0790)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 41444
published | 2009-09-24
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/41444
title | SuSE 11 Security Update : openswan (SAT Patch Number 678)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200909-05.NASL
description | The remote host is affected by the vulnerability described in GLSA-200909-05 (Openswan: Denial of Service)
  Multiple vulnerabilities have been discovered in Openswan: Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer Detection of the pluto IKE daemon as included in Openswan (CVE-2009-0790). The Orange Labs vulnerability research team discovered multiple vulnerabilities in the ASN.1 parser (CVE-2009-2185).
  Impact : A remote attacker could exploit these vulnerabilities by sending specially crafted R_U_THERE or R_U_THERE_ACK packets, or a specially crafted X.509 certificate containing a malicious Relative Distinguished Name (RDN), UTCTIME string or GENERALIZEDTIME string to cause a Denial of Service of the pluto IKE daemon.
  Workaround : There is no known workaround at this time.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 40913
published | 2009-09-10
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/40913
title | GLSA-200909-05 : Openswan: Denial of Service

NASL family | Scientific Linux Local Security Checks
NASL id | SL_20090330_OPENSWAN_ON_SL5_X.NASL
description | Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 60558
published | 2012-08-01
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/60558
title | Scientific Linux Security Update : openswan on SL5.x i386/x86_64

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2009-0402.NASL
description | Updated openswan packages that fix various security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
  Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN).
  Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in Openswan
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 36065
published | 2009-03-31
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/36065
title | RHEL 5 : openswan (RHSA-2009:0402)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2009-7423.NASL
description |
  - Mon Jul 6 2009 Avesh Agarwal <avagarwa at redhat.com> - 2.6.21-2
    - Openswan ASN.1 parser vulnerability (CVE-2009-2185)
  - Mon Mar 30 2009 Avesh Agarwal <avagarwa at redhat.com> - 2.6.21-1
    - new upstream release
    - Fix for CVE-2009-0790 DPD crasher
    - Fix remaining SADB_EXT_MAX -> K_SADB_EXT_MAX entries
    - Fix ipsec setup --status not showing amount of tunnels with netkey
  - Wed Dec 17 2008 Avesh Agarwal <avagarwa at redhat.com> - 2.6.19-1
    - new upstream release
  Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 39772
published | 2009-07-13
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/39772
title | Fedora 10 : openswan-2.6.21-2.fc10 (2009-7423)

NASL family | SuSE Local Security Checks
NASL id | SUSE_11_0_STRONGSWAN-090324.NASL
description | By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 40136
published | 2009-07-21
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/40136
title | openSUSE Security Update : strongswan (strongswan-676)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1759.NASL
description | Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an IPSec implementation for linux, is prone to a denial of service attack via a malicious packet.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 36052
published | 2009-03-31
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/36052
title | Debian DSA-1759-1 : strongswan - denial of service

NASL family | SuSE Local Security Checks
NASL id | SUSE_11_1_OPENSWAN-090324.NASL
description | By sending a specially crafted Dead Peer Detection (DPD) packet remote attackers could crash the pluto IKE daemon (CVE-2009-0790).
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 40287
published | 2009-07-21
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/40287
title | openSUSE Security Update : openswan (openswan-687)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-1760.NASL
description | Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux. The Common Vulnerabilities and Exposures project identifies the following problems :
  - CVE-2008-4190 Dmitry E. Oboukhov discovered that the livetest tool is using temporary files insecurely, which could lead to a denial of service attack.
  - CVE-2009-0790 Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone to a denial of service attack via a malicious packet.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 36053
published | 2009-03-31
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/36053
title | Debian DSA-1760-1 : openswan - denial of service
Oval
accepted | 2013-04-29T04:12:02.808-04:00
class | vulnerability
contributors |
definition_extensions |
description | The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
family | unix
id | oval:org.mitre.oval:def:11171
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.
version | 18
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 34296 CVE(CAN) ID: CVE-2009-0790
Openswan and strongSwan are both IPsec implementations for Linux.
Dead Peer Detection (DPD) is an IPsec IKE Notification message that uses the ICOOKIE/RCOOKIE mechanism to match inbound packets to a known security association (ISAKMP). When the ISAKMP state on one endpoint has expired but the other endpoint is still sending DPD notifications using the old state, a remote attacker who sends a malicious R_U_THERE or R_U_THERE_ACK notification packet to Openswan or strongSwan triggers a NULL pointer dereference on the non-existent state object st, causing the pluto IKE daemon to crash and restart.
Because this state lookup is performed before encryption or decryption, the vulnerability can be triggered without completing phase 1 (ISAKMP) negotiation.
Affected versions:
Openswan Openswan < 2.6.21
strongSwan strongSwan < 4.2.14
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1759-1) and corresponding patches:
DSA-1759-1: New strongswan packages fix denial of service
Link: http://www.debian.org/security/2009/dsa-1759
Patch downloads:
Debian GNU/Linux 5.0 alias lenny, Debian (stable): Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Patch installation:
1. Install the patch package manually:
First, download the patch with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch)
2. Install the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade
RedHat
------
RedHat has released a security advisory (RHSA-2009:0402-01) and corresponding patches:
RHSA-2009:0402-01: Important: openswan security update
Link: https://www.redhat.com/support/errata/RHSA-2009-0402.html
Openswan
--------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:
http://www.openswan.org/CVE-2009-0790/ |
id | SSV:4971 |
last seen | 2017-11-19 |
modified | 2009-04-01 |
published | 2009-04-01 |
reporter | Root |
title | Openswan and strongSwan DPD Packet Remote Denial of Service Vulnerability |
References
- http://download.strongswan.org/CHANGES4.txt
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://secunia.com/advisories/34472
- http://secunia.com/advisories/34483
- http://secunia.com/advisories/34494
- http://secunia.com/advisories/34546
- http://www.debian.org/security/2009/dsa-1759
- http://www.debian.org/security/2009/dsa-1760
- http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt
- http://www.redhat.com/support/errata/RHSA-2009-0402.html
- http://www.securityfocus.com/archive/1/502270/100/0/threaded
- http://www.securityfocus.com/bid/34296
- http://www.securitytracker.com/id?1021949
- http://www.securitytracker.com/id?1021950
- http://www.vupen.com/english/advisories/2009/0886
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49523
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171