Download
| Alert*
oval:org.secpod.oval:def:78190
strongswan: IPsec VPN solution strongSwan could crash or allow unintended access to network services. oval:org.secpod.oval:def:703633 libstrongswan is installed oval:org.secpod.oval:def:78154 Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. When using EAP authentication , the successful completion of ... oval:org.secpod.oval:def:88411 Lahav Schlesinger discovered a vulnerability in the revocation plugin of strongSwan, an IKE/IPsec suite. The revocation plugin uses OCSP URIs and CRL distribution points which come from certificates provided by the remote endpoint. The plugin didn"t check for the certificate chain of trust before u ... oval:org.secpod.oval:def:88607 strongswan: IPsec VPN solution strongSwan could be made do denial of service if it received a specially crafted certificate. oval:org.secpod.oval:def:707746 strongswan: IPsec VPN solution strongSwan could be made do denial of service if it received a specially crafted certificate. oval:org.secpod.oval:def:605777 Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. When using EAP authentication , the successful completion of ... oval:org.secpod.oval:def:75988 strongswan: IPsec VPN solution Several security issues were fixed in strongSwan. oval:org.secpod.oval:def:706185 strongswan: IPsec VPN solution Several security issues were fixed in strongSwan. oval:org.secpod.oval:def:47604 strongswan: IPsec VPN solution Several security issues were fixed in strongSwan. oval:org.secpod.oval:def:51021 strongswan: IPsec VPN solution Several security issues were fixed in strongSwan. oval:org.secpod.oval:def:602911 Two denial of service vulnerabilities were identified in strongSwan, an IKE/IPsec suite, using Google"s OSS-Fuzz fuzzing project. CVE-2017-9022 RSA public keys passed to the gmp plugin aren"t validated sufficiently before attempting signature verification, so that invalid input might lead to a float ... oval:org.secpod.oval:def:703774 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:51881 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:703629 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:603086 A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google"s OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process cr ... oval:org.secpod.oval:def:51805 strongswan: IPsec VPN solution strongSwan could be made to crash or hang if it received specially crafted network traffic. oval:org.secpod.oval:def:51132 strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:704327 strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:708594 strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:96448 strongswan: IPsec VPN solution strongSwan could be made to crash or run programs if it received specially crafted network traffic. |