CVE-2009-2661 - Cryptographic Issues vulnerability in Strongswan
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_1_OPENSWAN-090909.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41043
- published: 2009-09-22
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41043
- title: openSUSE Security Update : openswan (openswan-1285)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openswan-1285.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(41043);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:35");

  script_cve_id("CVE-2009-2661");

  script_name(english:"openSUSE Security Update : openswan (openswan-1285)");
  script_summary(english:"Check for the openswan-1285 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=525388"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected openswan package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openswan");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"openswan-2.6.16-1.49.3") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_OPENSWAN-090909.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41446
- published: 2009-09-24
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41446
- title: SuSE 11 Security Update : openswan (SAT Patch Number 1296)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41446);
  script_version("1.10");
  script_cvs_date("Date: 2019/10/25 13:36:35");

  script_cve_id("CVE-2009-2661");

  script_name(english:"SuSE 11 Security Update : openswan (SAT Patch Number 1296)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=525388"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2661.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1296.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openswan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:openswan-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");

flag = 0;
if (rpm_check(release:"SLES11", sp:0, reference:"openswan-2.6.16-1.34.3")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"openswan-doc-2.6.16-1.34.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_0_OPENSWAN-090908.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41037
- published: 2009-09-22
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41037
- title: openSUSE Security Update : openswan (openswan-1285)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openswan-1285.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(41037);
  script_version("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:34");

  script_cve_id("CVE-2009-2661");

  script_name(english:"openSUSE Security Update : openswan (openswan-1285)");
  script_summary(english:"Check for the openswan-1285 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=525388"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected openswan package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openswan");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/22");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.0", reference:"openswan-2.4.7-130.6") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_STRONGSWAN-090908.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41457
- published: 2009-09-24
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41457
- title: SuSE 11 Security Update : strongswan (SAT Patch Number 1283)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41457);
  script_version("1.10");
  script_cvs_date("Date: 2019/10/25 13:36:35");

  script_cve_id("CVE-2009-2661");

  script_name(english:"SuSE 11 Security Update : strongswan (SAT Patch Number 1283)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=520582"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=524799"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=525388"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-2661.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1283.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(310);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:strongswan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:strongswan-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/09/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");

flag = 0;
if (rpm_check(release:"SLES11", sp:0, reference:"strongswan-4.2.8-1.27.2")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"strongswan-doc-4.2.8-1.27.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-1899.NASL
- description: Several remote vulnerabilities have been discovered in strongswan, an implementation of the IPSEC and IKE protocols. The Common Vulnerabilities and Exposures project identifies the following problems :
  - CVE-2009-1957 CVE-2009-1958 The charon daemon can crash when processing certain crafted IKEv2 packets. (The old stable distribution (etch) was not affected by these two problems because it lacks IKEv2 support.)
  - CVE-2009-2185 CVE-2009-2661 The pluto daemon could crash when processing a crafted X.509 certificate.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 44764
- published: 2010-02-24
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/44764
- title: Debian DSA-1899-1 : strongswan - several vulnerabilities

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_0_STRONGSWAN-090906.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41038
- published: 2009-09-22
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41038
- title: openSUSE Security Update : strongswan (strongswan-1281)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_STRONGSWAN-6480.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41589
- published: 2009-09-24
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41589
- title: SuSE 10 Security Update : strongswan (ZYPP Patch Number 6480)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2009-1138.NASL
- description: Updated openswan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Multiple insufficient input validation flaws were found in the way Openswan
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 39597
- published: 2009-07-03
- reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/39597
- title: RHEL 5 : openswan (RHSA-2009:1138)

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2009-1138.NASL
- description: From Red Hat Security Advisory 2009:1138 : Updated openswan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Multiple insufficient input validation flaws were found in the way Openswan
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 67887
- published: 2013-07-12
- reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/67887
- title: Oracle Linux 5 : openswan (ELSA-2009-1138)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_OPENSWAN-6481.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 42028
- published: 2009-10-06
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/42028
- title: openSUSE 10 Security Update : openswan (openswan-6481)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_OPENSWAN-6478.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41576
- published: 2009-09-24
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41576
- title: SuSE 10 Security Update : openswan (ZYPP Patch Number 6478)

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2009-1138.NASL
- description: Updated openswan packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Multiple insufficient input validation flaws were found in the way Openswan
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 43765
- published: 2010-01-06
- reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/43765
- title: CentOS 5 : openswan (CESA-2009:1138)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_11_1_STRONGSWAN-090908.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41044
- published: 2009-09-22
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41044
- title: openSUSE Security Update : strongswan (strongswan-1281)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_STRONGSWAN-6529.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 49926
- published: 2010-10-11
- reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/49926
- title: SuSE 10 Security Update : strongswan (ZYPP Patch Number 6529)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE9_12503.NASL
- description: The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. (CVE-2009-2661) This could lead to crashes of the pluto IKE daemon.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41621
- published: 2009-09-25
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41621
- title: SuSE9 Security Update : freeswan (YOU Patch Number 12503)

References
- http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch
- http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://secunia.com/advisories/36922
- http://up2date.astaro.com/2009/08/up2date_7505_released.html
- http://www.debian.org/security/2009/dsa-1899
- http://www.openwall.com/lists/oss-security/2009/07/27/1
- http://www.vupen.com/english/advisories/2009/2247
- https://lists.strongswan.org/pipermail/announce/2009-July/000056.html