[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2009-2185Date: (C)2009-06-24   (M)2018-06-11


The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 5.0
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: NONE
Scope: Integrity: NONE
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1022428
BID-35452
SECUNIA-35522
SECUNIA-35698
SECUNIA-35740
SECUNIA-35804
SECUNIA-36922
SECUNIA-36950
SECUNIA-37504
ADV-2009-1639
ADV-2009-1706
ADV-2009-1829
ADV-2009-3354
DSA-1898
DSA-1899
FEDORA-2009-7423
FEDORA-2009-7478
RHSA-2009:1138
http://download.strongswan.org/CHANGES2.txt
http://download.strongswan.org/CHANGES4.txt
http://download.strongswan.org/CHANGES42.txt
http://up2date.astaro.com/2009/07/up2date_7404_released.html
http://www.ingate.com/Relnote.php?ver=481

CPE    55
cpe:/a:openswan:openswan:2.6.19
cpe:/a:openswan:openswan:2.6.17
cpe:/a:openswan:openswan:2.6.18
cpe:/a:openswan:openswan:2.6.20
...
CWE    1
CWE-20
OVAL    9
oval:org.secpod.oval:def:600430
oval:org.mitre.oval:def:8369
oval:org.mitre.oval:def:8047
oval:org.secpod.oval:def:101607
...

© SecPod Technologies