CVE-2009-2185

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-2185
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/35452 Patch
http://secunia.com/advisories/35522 Vendor Advisory
http://download.strongswan.org/CHANGES2.txt Vendor Advisory
http://download.strongswan.org/CHANGES42.txt Vendor Advisory
http://download.strongswan.org/CHANGES4.txt Vendor Advisory
http://www.vupen.com/english/advisories/2009/1639 Vendor Advisory
http://www.securitytracker.com/id?1022428
http://up2date.astaro.com/2009/07/up2date_7404_released.html
http://www.redhat.com/support/errata/RHSA-2009-1138.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
http://secunia.com/advisories/35698
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
http://www.vupen.com/english/advisories/2009/1829
http://secunia.com/advisories/35804
http://secunia.com/advisories/35740
http://www.debian.org/security/2009/dsa-1898
http://secunia.com/advisories/36922
http://www.debian.org/security/2009/dsa-1899
http://secunia.com/advisories/36950
http://www.ingate.com/Relnote.php?ver=481
http://secunia.com/advisories/37504
http://www.vupen.com/english/advisories/2009/3354
http://www.vupen.com/english/advisories/2009/1706
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.9:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.10:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.20:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:strongswan:strongswan:4.1:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:xelerance:openswan:2.6.19:*:*:*:*:*:*:*
Information

Published : 2009-06-24 19:00

Updated : 2019-07-29 07:24

NVD link : CVE-2009-2185

Mitre link : CVE-2009-2185

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

strongswan

  • strongswan

xelerance

  • openswan