CVE-2011-4073 - Resource Management Errors vulnerability in Xelerance Openswan
CVSS v2 base metrics
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-15127.NASL
description: Fixes for CVE-2011-4073. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57071
published: 2011-12-12
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57071
title: Fedora 14 : openswan-2.6.33-3.fc14 (2011-15127)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2011-15127.
#

include("compat.inc");

if (description)
{
  script_id(57071);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/02 13:32:34");

  script_cve_id("CVE-2011-4073");
  script_xref(name:"FEDORA", value:"2011-15127");

  script_name(english:"Fedora 14 : openswan-2.6.33-3.fc14 (2011-15127)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Fixes for CVE-2011-4073.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=748961"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070704.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b949c6a0"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected openswan package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openswan");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"openswan-2.6.33-3.fc14")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openswan");
}

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2011-1422.NASL
description: Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56698
published: 2011-11-03
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56698
title: RHEL 5 / 6 : openswan (RHSA-2011:1422)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_OPENSWAN-111114.NASL
description: openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57125
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57125
title: SuSE 11.1 Security Update : openswan (SAT Patch Number 5424)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2374.NASL
description: The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto. More information can be found in the upstream advisory.
last seen: 2020-03-17
modified: 2012-01-12
plugin id: 57514
published: 2012-01-12
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/57514
title: Debian DSA-2374-1 : openswan - implementation error

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2011-1422.NASL
description: From Red Hat Security Advisory 2011:1422 : Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68381
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68381
title: Oracle Linux 5 / 6 : openswan (ELSA-2011-1422)

NASL family: SuSE Local Security Checks
NASL id: SUSE_OPENSWAN-7836.NASL
description: openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57237
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57237
title: SuSE 10 Security Update : openswan (ZYPP Patch Number 7836)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-15196.NASL
description: new upstream release for CVE-2011-4073 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57072
published: 2011-12-12
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57072
title: Fedora 16 : openswan-2.6.37-1.fc16 (2011-15196)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2011-1422.NASL
description: Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56694
published: 2011-11-03
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56694
title: CentOS 5 : openswan (CESA-2011:1422)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2011-18.NASL
description: A use-after-free flaw was found in the way Openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69577
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69577
title: Amazon Linux AMI : openswan (ALAS-2011-18)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20111102_OPENSWAN_ON_SL5_X.NASL
description: Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A use-after-free flaw was found in the way Openswan
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61167
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/61167
title: Scientific Linux Security Update : openswan on SL5.x, SL6.x i386/x86_64

NASL family: Misc.
NASL id: OPENSWAN_IKE_50440.NASL
description: The remote host is running a version of Openswan prior to version 2.6.37. It is, therefore, affected by a remote denial of service vulnerability due to a use-after-free flaw in the cryptographic helper handler. A remote attacker can exploit this issue to cause a denial of service.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81053
published: 2015-01-28
reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81053
title: Openswan < 2.6.37 Cryptographic Helper Use-After-Free Remote DoS

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-15077.NASL
description: New upstream release for CVE-2011-4073 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57070
published: 2011-12-12
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57070
title: Fedora 15 : openswan-2.6.37-1.fc15 (2011-15077)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201203-13.NASL
description: The remote host is affected by the vulnerability described in GLSA-201203-13 (Openswan: Denial of Service). Two vulnerabilities have been found in Openswan: Improper permissions are used on /var/run/starter.pid and /var/lock/subsys/ipsec (CVE-2011-2147). Openswan contains a use-after-free error in the cryptographic helper handler (CVE-2011-4073). Impact : A remote authenticated attacker or a local attacker may be able to cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 58378
published: 2012-03-19
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/58378
title: GLSA-201203-13 : Openswan: Denial of Service
References
- http://secunia.com/advisories/46678
- http://secunia.com/advisories/46681
- http://secunia.com/advisories/47342
- http://www.debian.org/security/2011/dsa-2374
- http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
- http://www.redhat.com/support/errata/RHSA-2011-1422.html
- http://www.securityfocus.com/bid/50440
- http://www.securitytracker.com/id?1026268