[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-2185

Date: (C)2009-06-24   (M)2017-10-04
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

Reference:
SECTRACK-1022428
BID-35452
SECUNIA-35522
SECUNIA-35698
SECUNIA-35740
SECUNIA-35804
SECUNIA-36922
SECUNIA-36950
SECUNIA-37504
ADV-2009-1639
ADV-2009-1706
ADV-2009-1829
ADV-2009-3354
DSA-1898
DSA-1899
FEDORA-2009-7423
FEDORA-2009-7478
RHSA-2009:1138
http://download.strongswan.org/CHANGES2.txt
http://download.strongswan.org/CHANGES4.txt
http://download.strongswan.org/CHANGES42.txt
http://up2date.astaro.com/2009/07/up2date_7404_released.html
http://www.ingate.com/Relnote.php?ver=481

CPE    55
cpe:/a:openswan:openswan:2.4
cpe:/a:openswan:openswan:2.4.2
cpe:/a:openswan:openswan:2.4.4
cpe:/a:openswan:openswan:2.6.04
...
CWE    1
CWE-20
OVAL    9
oval:org.secpod.oval:def:1300235
oval:org.secpod.oval:def:102251
oval:org.secpod.oval:def:600430
oval:org.secpod.oval:def:101607
...

© 2013 SecPod Technologies