Vulnerabilities > CVE-2011-3380 - Unspecified vulnerability in Xelerance Openswan

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
xelerance
nessus

Summary

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-13864.NASL
    descriptionFixes for CVE-2011-3380. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56488
    published2011-10-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56488
    titleFedora 14 : openswan-2.6.33-2.fc14 (2011-13864)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-13864.
    #
    
    include("compat.inc");
    
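    # Registration pass: when `description` is set the script only declares its
    # metadata and exits; no host data is read in this block.
    if (description)
    {
      script_id(56488);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:34");
    
      # The advisory text below names CVE-2011-3380 but the plugin carried no CVE
      # reference; register it so the finding can be filtered and correlated by CVE.
      script_cve_id("CVE-2011-3380");
      script_xref(name:"FEDORA", value:"2011-13864");
    
      script_name(english:"Fedora 14 : openswan-2.6.33-2.fc14 (2011-13864)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes for CVE-2011-3380.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068045.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?63487bbb"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openswan package."
      );
      # NOTE(review): "High" is a coarse rating with no CVSS vector behind it. The
      # CVE record for CVE-2011-3380 scores this availability-only denial of
      # service at CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) - confirm the rating
      # before prioritising remediation on it.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      # "local": the check needs credentialed access to the host's package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Runs after ssh_get_info.nasl and only when these KB keys exist
      # (presumably populated by that dependency - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }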
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Credentialed package check for Fedora 14. It reads only knowledge-base (KB)
    # items collected earlier in the scan; each audit() call ends the script with
    # the stated reason, so the lines below act as successive gates.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator: stop unless the release string names Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the first capture group (the major release number).
    os_ver = os_ver[1];
    # "14" must be followed by a non-digit or end of string, so "140" would not pass.
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    # Without a collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386..i686 hosts are evaluated; other architectures audit out.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    # The reference is the fixed build from Fedora advisory 2011-13864; rpm_check()
    # is expected to return true when the installed openswan is older - confirm in rpm.inc.
    if (rpm_check(release:"FC14", reference:"openswan-2.6.33-2.fc14")) flag++;
    
    
    if (flag)
    {
      # NOTE(review): security_hole() is the high-severity report call, while
      # CVE-2011-3380 is an availability-only DoS scored CVSS v2 5.0 on its CVE
      # record - confirm the reported severity is intended.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present and already fixed" from "package not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-13825.NASL
    descriptionCVE-2011-3380 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56518
    published2011-10-17
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56518
    titleFedora 16 : openswan-2.6.36-1.fc16 (2011-13825)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-13825.
    #
    
    include("compat.inc");
    
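    # Registration pass: when `description` is set the script only declares its
    # metadata and exits; no host data is read in this block.
    if (description)
    {
      script_id(56518);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:34");
    
      # The advisory text below is just the CVE name, yet the plugin carried no CVE
      # reference; register it so the finding can be filtered and correlated by CVE.
      script_cve_id("CVE-2011-3380");
      script_xref(name:"FEDORA", value:"2011-13825");
    
      script_name(english:"Fedora 16 : openswan-2.6.36-1.fc16 (2011-13825)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2011-3380
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068085.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?475cae3a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openswan package."
      );
      # NOTE(review): "High" is a coarse rating with no CVSS vector behind it. The
      # CVE record for CVE-2011-3380 scores this availability-only denial of
      # service at CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P) - confirm the rating
      # before prioritising remediation on it.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      # "local": the check needs credentialed access to the host's package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Runs after ssh_get_info.nasl and only when these KB keys exist
      # (presumably populated by that dependency - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }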
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Credentialed package check for Fedora 16. It reads only knowledge-base (KB)
    # items collected earlier in the scan; each audit() call ends the script with
    # the stated reason, so the lines below act as successive gates.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator: stop unless the release string names Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the first capture group (the major release number).
    os_ver = os_ver[1];
    # "16" must be followed by a non-digit or end of string, so "160" would not pass.
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
    
    # Without a collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386..i686 hosts are evaluated; other architectures audit out.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    # The reference is the fixed build from Fedora advisory 2011-13825; rpm_check()
    # is expected to return true when the installed openswan is older - confirm in rpm.inc.
    if (rpm_check(release:"FC16", reference:"openswan-2.6.36-1.fc16")) flag++;
    
    
    if (flag)
    {
      # NOTE(review): security_hole() is the high-severity report call, while
      # CVE-2011-3380 is an availability-only DoS scored CVSS v2 5.0 on its CVE
      # record - confirm the reported severity is intended.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present and already fixed" from "package not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2011-06.NASL
    descriptionWhen an ISAKMP message with an invalid KEY_LENGTH attribute is received, the error handling function crashes on a NULL pointer dereference. Openswan automatically restarts the pluto IKE daemon but all ISAKMP state is lost. This vulnerability does NOT allow an attacker access to the system. This can be used to launch a denial of service attack by sending repeated IKE packets with the invalid key length attribute.
    last seen2020-06-01
    modified2020-06-02
    plugin id69565
    published2013-09-04
    reporterThis script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69565
    titleAmazon Linux AMI : openswan (ALAS-2011-06)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2011-06.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only declares its
    # metadata and exits; no host data is read in this block.
    if (description)
    {
      script_id(69565);
      script_version("$Revision: 1.4 $");
      script_cvs_date("$Date: 2015/01/30 14:43:52 $");
    
      # Cross-references: the CVE, the Amazon advisory and the Red Hat advisory it tracks.
      script_cve_id("CVE-2011-3380");
      script_xref(name:"ALAS", value:"2011-06");
      script_xref(name:"RHSA", value:"2011:1356");
    
      script_name(english:"Amazon Linux AMI : openswan (ALAS-2011-06)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      # Operational impact stated by the advisory: pluto restarts on its own, but
      # every ISAKMP state is lost, so repeated packets keep tunnels down.
      script_set_attribute(
        attribute:"description", 
        value:
    "When an ISAKMP message with an invalid KEY_LENGTH attribute is
    received, the error handling function crashes on a NULL pointer
    dereference. Openswan automatically restarts the pluto IKE daemon but
    all ISAKMP state is lost. This vulnerability does NOT allow an
    attacker access to the system. This can be used to launch a denial of
    service attack by sending repeated IKE packets with the invalid key
    length attribute."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2011-6.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum upgrade openswan' to upgrade your system."
      );
      # CVSS v2: reachable over the network, low complexity, no authentication;
      # partial availability impact only (no confidentiality or integrity impact).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local": the check needs credentialed access to the host's package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openswan-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openswan-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      # Runs after ssh_get_info.nasl and only when these KB keys exist
      # (presumably populated by that dependency - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Credentialed package check for Amazon Linux AMI. It reads only knowledge-base
    # (KB) items collected earlier in the scan; each audit() call ends the script
    # with the stated reason.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Presence of the release key is the only OS test here; its value is not parsed.
    if (!get_kb_item("Host/AmazonLinux/release")) audit(AUDIT_OS_NOT, "Amazon Linux AMI");
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    # Each reference is the fixed build from ALAS-2011-06; rpm_check() is expected
    # to return true when the installed package is older - confirm in rpm.inc.
    if (rpm_check(release:"ALA", reference:"openswan-2.6.36-1.12.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openswan-debuginfo-2.6.36-1.12.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openswan-doc-2.6.36-1.12.amzn1")) flag++;
    
    if (flag)
    {
      # Any outdated package is reported once, at warning (medium) level.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "packages present and already fixed" from "none installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan / openswan-debuginfo / openswan-doc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1356.NASL
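    descriptionFrom Red Hat Security Advisory 2011:1356 : Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon. (CVE-2011-3380) Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Paul Wouters as the original reporter. All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the ipsec service will be restarted automatically.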
    last seen2020-06-01
    modified2020-06-02
    plugin id68365
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68365
    titleOracle Linux 6 : openswan (ELSA-2011-1356)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2011:1356 and 
    # Oracle Linux Security Advisory ELSA-2011-1356 respectively.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only declares its
    # metadata and exits; no host data is read in this block.
    if (description)
    {
      script_id(68365);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:09");
    
      # Cross-references: the CVE and the Red Hat advisory the Oracle erratum tracks.
      script_cve_id("CVE-2011-3380");
      script_xref(name:"RHSA", value:"2011:1356");
    
      script_name(english:"Oracle Linux 6 : openswan (ELSA-2011-1356)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      # Advisory text reproduced from RHSA-2011:1356; note its last sentence: the
      # ipsec service restarts when the update is installed.
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2011:1356 :
    
    Updated openswan packages that fix one security issue are now
    available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    Openswan is a free implementation of Internet Protocol Security
    (IPsec) and Internet Key Exchange (IKE). IPsec uses strong
    cryptography to provide both authentication and encryption services.
    These services allow you to build secure tunnels through untrusted
    networks.
    
    A NULL pointer dereference flaw was found in the way Openswan's pluto
    IKE daemon handled certain error conditions. A remote, unauthenticated
    attacker could send a specially crafted IKE packet that would crash
    the pluto daemon. (CVE-2011-3380)
    
    Red Hat would like to thank the Openswan project for reporting this
    issue. Upstream acknowledges Paul Wouters as the original reporter.
    
    All users of openswan are advised to upgrade to these updated
    packages, which contain a backported patch to correct this issue.
    After installing this update, the ipsec service will be restarted
    automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2011-October/002389.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openswan packages."
      );
      # CVSS v2: reachable over the network, low complexity, no authentication;
      # partial availability impact only (no confidentiality or integrity impact).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local": the check needs credentialed access to the host's package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openswan-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      # NOTE(review): vuln_publication_date (2011/11/17) is later than
      # patch_publication_date (2011/10/05) - confirm which date to trust before
      # using either for exposure-window reporting.
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # Runs after ssh_get_info.nasl and only when these KB keys exist
      # (presumably populated by that dependency - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Credentialed package check for Oracle Linux 6. It reads only knowledge-base
    # (KB) items collected earlier in the scan; each audit() call ends the script
    # with the stated reason, so the lines below act as successive gates.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Oracle hosts report through the Red Hat release key; accept either product name.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    # Keep only the first capture group (major, optionally major.minor).
    os_ver = os_ver[1];
    # "6" must be followed by a non-digit or end of string, so "6.1" passes and "60" does not.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    # Without a collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386..i686 hosts are evaluated; other architectures audit out.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    # The version is 2.6.32 with a backported patch (per the advisory text), so the
    # comparison is on the full package release, not the upstream version alone.
    # rpm_check() is expected to return true for an older install - confirm in rpm.inc.
    if (rpm_check(release:"EL6", reference:"openswan-2.6.32-4.el6_1.2")) flag++;
    if (rpm_check(release:"EL6", reference:"openswan-doc-2.6.32-4.el6_1.2")) flag++;
    
    
    if (flag)
    {
      # Any outdated package is reported once, at warning (medium) level.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "packages present and already fixed" from "none installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan / openswan-doc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1356.NASL
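    descriptionUpdated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon. (CVE-2011-3380) Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Paul Wouters as the original reporter. All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the ipsec service will be restarted automatically.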
    last seen2020-06-01
    modified2020-06-02
    plugin id56405
    published2011-10-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56405
    titleRHEL 6 : openswan (RHSA-2011:1356)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:1356. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only declares its
    # metadata and exits; no host data is read in this block.
    if (description)
    {
      script_id(56405);
      script_version ("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      # Cross-references: the CVE and the Red Hat advisory that ships the fix.
      script_cve_id("CVE-2011-3380");
      script_xref(name:"RHSA", value:"2011:1356");
    
      script_name(english:"RHEL 6 : openswan (RHSA-2011:1356)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text from RHSA-2011:1356; note its last sentence: the ipsec
      # service restarts when the update is installed.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated openswan packages that fix one security issue are now
    available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. A Common Vulnerability Scoring System (CVSS)
    base score, which gives a detailed severity rating, is available from
    the CVE link in the References section.
    
    Openswan is a free implementation of Internet Protocol Security
    (IPsec) and Internet Key Exchange (IKE). IPsec uses strong
    cryptography to provide both authentication and encryption services.
    These services allow you to build secure tunnels through untrusted
    networks.
    
    A NULL pointer dereference flaw was found in the way Openswan's pluto
    IKE daemon handled certain error conditions. A remote, unauthenticated
    attacker could send a specially crafted IKE packet that would crash
    the pluto daemon. (CVE-2011-3380)
    
    Red Hat would like to thank the Openswan project for reporting this
    issue. Upstream acknowledges Paul Wouters as the original reporter.
    
    All users of openswan are advised to upgrade to these updated
    packages, which contain a backported patch to correct this issue.
    After installing this update, the ipsec service will be restarted
    automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-3380"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:1356"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected openswan, openswan-debuginfo and / or openswan-doc
    packages."
      );
      # CVSS v2: reachable over the network, low complexity, no authentication;
      # partial availability impact only (no confidentiality or integrity impact).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local": the check needs credentialed access to the host's package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openswan-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openswan-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.1");
    
      # NOTE(review): vuln_publication_date (2011/11/17) is later than
      # patch_publication_date (2011/10/05) - confirm which date to trust before
      # using either for exposure-window reporting.
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Runs after ssh_get_info.nasl and only when these KB keys exist
      # (presumably populated by that dependency - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Credentialed check for RHEL 6. It reads only knowledge-base (KB) items
    # collected earlier in the scan; each audit() call ends the script with the
    # stated reason, so the lines below act as successive gates.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator: stop unless the release string names Red Hat.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    # Keep only the first capture group (major, optionally major.minor).
    os_ver = os_ver[1];
    # "6" must be followed by a non-digit or end of string, so "6.1" passes and "60" does not.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    # Without a collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # x86_64, i386..i686 and s390 variants are evaluated; other architectures audit out.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two decision paths: if the scan captured yum updateinfo data, decide by
    # advisory id; otherwise fall back to comparing RPM versions.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:1356";
      # Presumably returns report text only when the advisory is listed as
      # applicable to this host - confirm in the included library.
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # Empty report: the host audits out as not affected. The RPM comparison
        # in the other branch is not run on this path.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      # Same fixed build (2.6.32-4.el6_1.2, a backport per the advisory text) for
      # three packages on three architectures. rpm_check() is expected to return
      # true when the installed package is older - confirm in rpm.inc.
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openswan-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openswan-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openswan-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openswan-debuginfo-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openswan-debuginfo-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openswan-debuginfo-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"openswan-doc-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"openswan-doc-2.6.32-4.el6_1.2")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"openswan-doc-2.6.32-4.el6_1.2")) flag++;
    
    
      if (flag)
      {
        # Report once at warning (medium) level, with the package list and the
        # library's standard Red Hat package caveat appended.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Distinguish "packages present and already fixed" from "none installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan / openswan-debuginfo / openswan-doc");
      }
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2011-6.NASL
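    descriptionA NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon.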
    last seen2020-06-01
    modified2020-06-02
    plugin id78267
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78267
    titleAmazon Linux AMI : openswan (ALAS-2011-6)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2011-6.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only declares its
    # metadata and exits; no host data is read in this block.
    if (description)
    {
      script_id(78267);
      script_version("1.3");
      script_cvs_date("Date: 2018/04/18 15:09:34");
    
      # Cross-references: the CVE, the Amazon advisory and the Red Hat advisory it tracks.
      script_cve_id("CVE-2011-3380");
      script_xref(name:"ALAS", value:"2011-6");
      script_xref(name:"RHSA", value:"2011:1356");
    
      script_name(english:"Amazon Linux AMI : openswan (ALAS-2011-6)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A NULL pointer dereference flaw was found in the way Openswan's pluto
    IKE daemon handled certain error conditions. A remote, unauthenticated
    attacker could send a specially crafted IKE packet that would crash
    the pluto daemon."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2011-6.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update openswan' to update your system."
      );
      # CVSS v2: reachable over the network, low complexity, no authentication;
      # partial availability impact only (no confidentiality or integrity impact).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local": the check needs credentialed access to the host's package list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openswan");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openswan-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:openswan-doc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      # Runs after ssh_get_info.nasl and only when these KB keys exist
      # (presumably populated by that dependency - confirm).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
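    # Credentialed package check for Amazon Linux AMI. It reads only knowledge-base
    # (KB) items collected earlier in the scan; each audit() call ends the script
    # with the stated reason, so the lines below act as successive gates.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    # The release tag is expected to start with "ALA" (the AMI) or "AL" plus a digit.
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    # Only the "ALA" tag is in scope for this advisory. The original block also
    # tested os_ver == 'A' inside this branch to relabel it "AMI"; that test could
    # never be true here, so the unreachable statement is removed.
    if (os_ver != "A") audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    
    # Without a collected RPM list there is nothing to compare against.
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    # Each reference is the fixed build from ALAS-2011-6; rpm_check() is expected
    # to return true when the installed package is older - confirm in rpm.inc.
    if (rpm_check(release:"ALA", reference:"openswan-2.6.36-1.12.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openswan-debuginfo-2.6.36-1.12.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"openswan-doc-2.6.36-1.12.amzn1")) flag++;
    
    if (flag)
    {
      # Any outdated package is reported once, at warning (medium) level.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "packages present and already fixed" from "none installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan / openswan-debuginfo / openswan-doc");
    }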
    
  • NASL familyMisc.
    NASL idOPENSWAN_IKE_49984.NASL
    descriptionThe remote host is running a version of Openswan prior to version 2.6.36. It is, therefore, affected by a remote denial of service vulnerability due to a NULL pointer dereference flaw. A remote attacker, using a specially crafted ISAKMP message with an invalid KEY_LENGTH attribute, can cause a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id81052
    published2015-01-28
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81052
    titleOpenswan < 2.6.36 IKE Packet NULL Pointer Dereference Remote DoS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Metadata block: runs only when 'description' is set and exits before any
    # of the check logic below it executes.
    if (description)
    {
      script_id(81052);
      script_version("1.5");
      script_cvs_date("Date: 2018/07/16 14:09:13");
    
      # Identifiers this finding is reported under.
      script_cve_id("CVE-2011-3380");
      script_bugtraq_id(49984);
    
      script_name(english:"Openswan < 2.6.36 IKE Packet NULL Pointer Dereference Remote DoS");
      script_summary(english:"Checks IKE Device ID for a vulnerable Openswan version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote host is affected by a remote denial of service
    vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Openswan prior to version
    2.6.36. It is, therefore, affected by a remote denial of service
    vulnerability due to a NULL pointer dereference flaw. A remote
    attacker, using a specially crafted ISAKMP message with an invalid
    KEY_LENGTH attribute, can cause a denial of service.");
      script_set_attribute(attribute:"see_also", value:"https://download.openswan.org/openswan/CVE-2011-3380/CVE-2011-3380.txt");
      script_set_attribute(attribute:"solution", value:"Upgrade to Openswan 2.6.36 or later.");
      # Scoring: network-reachable, no authentication, availability impact only.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/28");
    
      # "remote": the verdict comes from what the IKE service advertises, not
      # from the installed package list.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:openswan:openswan");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Misc.");
    
      script_require_ports("Services/udp/ike", 500);
      # NOTE(review): the check body also reads "Services/ike1/*", but only
      # ike2_detect.nasl is declared here - confirm the plugin that populates
      # the IKEv1 keys is guaranteed to have run before this one.
      script_dependencies("ike2_detect.nasl");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
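    # Affected upstream range: 2.6.29 through 2.6.35, fixed in 2.6.36.
    # vuln_end documents the last affected release; the comparison further
    # down expresses the upper bound through 'fixed'.
    vuln_start = "2.6.29";
    vuln_end = "2.6.35";
    fixed = "2.6.36";
    
    # This is a version-string check: nothing is sent to the daemon here, the
    # verdict rests entirely on what the IKE detection plugins stored in the KB.
    port = get_kb_item("Services/udp/ike");
    if (empty_or_null(port)) audit(AUDIT_NOT_DETECT,"IKE");
    
    kb_list = get_kb_list("Services/ike1/*");
    kb2_list = get_kb_list("Services/ike2/*");
    
    # Combine both IKE and IKEv2 results into one list
    list = "";
    if (! isnull(kb2_list))
    {
      if (! isnull(kb_list))
      {
        list = keys(kb_list);
        list = make_list(list, keys(kb2_list));
      }
      else
      {
        list =  keys(kb2_list);
      }
    }
    else
    {
      if (! isnull(kb_list)) list = keys(kb_list);
      else
      {
        # Name the keys that were actually queried above so the audit message
        # points at the right detection data.
        audit(AUDIT_KB_MISSING, "Services/ike1/* and Services/ike2/*");
      }
    }
    
    # Check if it was Openswan and which version found.
    software = "";
    version = "";
    
    foreach  item (list)
    {
      if (preg(pattern:"Openswan [0-9.]+",string:item,icase:TRUE))
      {
        # Walk the space-separated tokens of the KB key: the token holding
        # "/Openswan" yields the product name, a numeric token the version.
        foreach ike_name_ver_kb (split(item,sep:' '))
        {
          if (preg(pattern:"\/Openswan",string:ike_name_ver_kb,icase:TRUE))
          {
            path = split(ike_name_ver_kb,sep:'/');
            software = path[2];
          }
          # NOTE(review): this pattern is unanchored, so any token containing a
          # digit or a dot is accepted as the version and the last such token
          # wins - confirm the KB key never carries other numeric tokens.
          else if (preg(pattern:"[0-9.]+",string:ike_name_ver_kb))
            version = ike_name_ver_kb;
        }
      }
    }
    
    # Check if we have the software name
    if (empty_or_null(software))
      audit(AUDIT_NOT_INST, "Openswan");
    
    # Check if the version was found.
    if (empty_or_null(version))
      audit(AUDIT_UNKNOWN_APP_VER, "Openswan");
    
    # Software vuln if between 2.6.29 - 2.6.35, i.e. at or above vuln_start and
    # strictly below the fixed release.
    #
    # Caveat for triage: the advertised upstream version says nothing about
    # distribution backports. A vendor build such as 2.6.32-4.el6_1.2 carries
    # the fix while still falling inside this range, so a hit from this remote
    # check should be confirmed against the installed package (credentialed
    # scan or package manager) before it is treated as a true positive.
    vuln = FALSE;
    if (ver_compare(ver:version, fix:fixed, strict:FALSE) < 0 &&
        ver_compare(ver:version, fix:vuln_start, strict:FALSE) >= 0)
    {
      vuln = TRUE;
    }
    
    report = "";
    if (vuln)
    {
      report += software + " is vulnerable to a denial of service attack." + '\n';
      report += "Version found was "+version+'\n';
      report += '\n';
      report += "Update to "+software+" version " + fixed + " or later."+'\n';
    }
    
    if (report)
    {
      # Record the service identification, then raise the finding on the IKE
      # UDP port; the report text is attached only at verbosity above 0.
      register_service(port:port, ipproto:"udp", proto:"openswan");
      if (report_verbosity > 0) security_warning(port:port, proto:'udp', extra:report);
      else security_warning(port:port, proto:'udp');
    }
    else audit(AUDIT_HOST_NOT, "affected");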
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-13862.NASL
    descriptionFixes for CVE-2011-3380. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id56487
    published2011-10-14
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56487
    titleFedora 15 : openswan-2.6.36-1.fc15 (2011-13862)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-13862.
    #
    
    include("compat.inc");
    
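    # Metadata block: runs only when 'description' is set and exits before any
    # of the check logic below it executes.
    if (description)
    {
      script_id(56487);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:34");
    
      # The advisory text below names this CVE; registering it lets findings
      # from this check be correlated by CVE like the other Openswan checks.
      script_cve_id("CVE-2011-3380");
      script_xref(name:"FEDORA", value:"2011-13862");
    
      script_name(english:"Fedora 15 : openswan-2.6.36-1.fc15 (2011-13862)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes for CVE-2011-3380
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-October/068017.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?50354305"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openswan package."
      );
      # NOTE(review): this check declares a fixed "High" risk factor, while the
      # CVE is a denial of service scored CVSS2 AV:N/AC:L/Au:N/C:N/I:N/A:P
      # (5.0, medium) - confirm which severity should drive prioritisation.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      # "local": the verdict comes from the installed RPM list.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/10/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The KB keys required here are the ones the check body reads.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }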
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Credentialed (local) check: stop unless local checks are enabled.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Require a Fedora release string and extract its major release number.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # This advisory applies to Fedora 15 only.
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    # Without the RPM inventory there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 hosts are handled; '"x86_64" >!< cpu' is true
    # when the cpu string does not contain "x86_64".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # A true rpm_check() result counts as a finding; the reference is the fixed
    # build named in the advisory title.
    # NOTE(review): presumably rpm_check() is true when the installed package is
    # older than the reference - confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"FC15", reference:"openswan-2.6.36-1.fc15")) flag++;
    
    
    if (flag)
    {
      # NOTE(review): reported with security_hole, in line with the "High"
      # risk_factor in this plugin's metadata; the CVSS2 vector for this CVE has
      # availability impact only - confirm the intended severity.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present and already fixed" from "package absent"
      # in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111005_OPENSWAN_ON_SL6_X.NASL
    descriptionOpenswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions.
    last seen2020-06-01
    modified2020-06-02
    plugin id61149
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61149
    titleScientific Linux Security Update : openswan on SL6.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Metadata block: runs only when 'description' is set and exits before any
    # of the check logic below it executes.
    if (description)
    {
      script_id(61149);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      # CVE this finding is reported under.
      script_cve_id("CVE-2011-3380");
    
      script_name(english:"Scientific Linux Security Update : openswan on SL6.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Openswan is a free implementation of Internet Protocol Security
    (IPsec) and Internet Key Exchange (IKE). IPsec uses strong
    cryptography to provide both authentication and encryption services.
    These services allow you to build secure tunnels through untrusted
    networks.
    
    A NULL pointer dereference flaw was found in the way Openswan's pluto
    IKE daemon handled certain error conditions. A remote, unauthenticated
    attacker could send a specially crafted IKE packet that would crash
    the pluto daemon. (CVE-2011-3380)
    
    All users of openswan are advised to upgrade to these updated
    packages, which contain a backported patch to correct this issue.
    After installing this update, the ipsec service will be restarted
    automatically."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1110&L=scientific-linux-errata&T=0&P=569
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5d6b1f6d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected openswan, openswan-debuginfo and / or openswan-doc
    packages."
      );
      # Scoring: network-reachable, no authentication, availability impact only.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local": the verdict comes from the installed RPM list, which matters
      # here because the fix is a backport onto the 2.6.32 package.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/10/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # The KB keys required here are the ones the check body reads.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
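    # Credentialed (local) check: it needs local checks enabled, a Scientific
    # Linux release string and the RPM inventory.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 hosts are handled. '>!<' reads "left is not a
    # substring of right", so the literal goes on the left: the test asks
    # whether the cpu string contains "x86_64", matching the release test above.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    # Each true rpm_check() result counts as one finding. The references are
    # the builds carrying the backported fix, so the comparison is on the full
    # package release rather than the upstream 2.6.32 version alone.
    # NOTE(review): presumably rpm_check() is true when the installed package is
    # older than the reference - confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"SL6", reference:"openswan-2.6.32-4.el6_1.2")) flag++;
    if (rpm_check(release:"SL6", reference:"openswan-debuginfo-2.6.32-4.el6_1.2")) flag++;
    if (rpm_check(release:"SL6", reference:"openswan-doc-2.6.32-4.el6_1.2")) flag++;
    
    
    if (flag)
    {
      # Report at "warning" level, attaching the package comparison details
      # when the scan verbosity asks for them.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");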
    

Redhat

advisories
bugzilla
id742065
titleCVE-2011-3380 openswan: IKE invalid key length allows remote unauthenticated user to crash openswan
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 6 is installed
      ovaloval:com.redhat.rhba:tst:20111656003
    • OR
      • AND
        • commentopenswan is earlier than 0:2.6.32-4.el6_1.2
          ovaloval:com.redhat.rhsa:tst:20111356001
        • commentopenswan is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100892002
      • AND
        • commentopenswan-doc is earlier than 0:2.6.32-4.el6_1.2
          ovaloval:com.redhat.rhsa:tst:20111356003
        • commentopenswan-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20100892004
rhsa
idRHSA-2011:1356
released2011-10-05
severityModerate
titleRHSA-2011:1356: openswan security update (Moderate)
rpms
  • openswan-0:2.6.32-4.el6_1.2
  • openswan-debuginfo-0:2.6.32-4.el6_1.2
  • openswan-doc-0:2.6.32-4.el6_1.2