
CVE-2015-3240
Date: (C)2015-12-15   (M)2023-12-22


The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in an IKE packet.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1033418
BID-77536
GLSA-201603-13
RHSA-2015:1979
https://lists.openswan.org/pipermail/users/2015-August/023401.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://libreswan.org/security/CVE-2015-3240/CVE-2015-3240.txt

CWE (1):
CWE-189

OVAL (3):
oval:org.secpod.oval:def:501675
oval:org.secpod.oval:def:1501203
oval:org.secpod.oval:def:203767

© SecPod Technologies