Vulnerabilites related to openswan - openswan
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
frees_wan | frees_wan | 1 | |
frees_wan | frees_wan | 2 | |
frees_wan | super_frees_wan | 1 | |
openswan | openswan | 1 | |
openswan | openswan | 2 | |
strongswan | strongswan | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:frees_wan:frees_wan:1:*:*:*:*:*:*:*", "matchCriteriaId": "10B562DF-7470-4C26-9989-0872DA521B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:frees_wan:frees_wan:2:*:*:*:*:*:*:*", "matchCriteriaId": "E5B02427-164D-4B6B-ACF1-662691FC6828", "vulnerable": true }, { "criteria": "cpe:2.3:a:frees_wan:super_frees_wan:1:*:*:*:*:*:*:*", "matchCriteriaId": "4C94B5FB-8830-4217-BB07-36DAD9902259", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:1:*:*:*:*:*:*:*", "matchCriteriaId": "06740766-75C5-4EDA-8BFD-96C5E7AE1A73", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2:*:*:*:*:*:*:*", "matchCriteriaId": "E54638CB-40EE-47D1-A373-1AEF85DE9405", "vulnerable": true }, { "criteria": "cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "D62594D0-8847-4CC4-9AFD-3C216D429C5B", "versionEndIncluding": "2.1.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject." }, { "lang": "es", "value": "FreeS/WAN 1.x y 2.x, y otros productos relacionados, incluyendo superfreeswan 1.x, openswan 1.x anteriores a 1.0.6, openswan 2.x anteriores a 2.1.4 y strongSwan anteriores a 2.1.3 permite a atacantes remotos autenticarse usando certificados PKCS#7 falsificados en los que un certificado auto-firmado identifica a una Autoridad Certificadora (CA) y a un usuario y asunto suplantados." } ], "id": "CVE-2004-0590", "lastModified": "2024-11-20T23:48:55.497", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-06T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200406-20.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openswan.org/support/vuln/can-2004-0590/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200406-20.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openswan.org/support/vuln/can-2004-0590/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openswan:openswan:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "83BD9C38-8D11-4A21-9A80-83D4D02ECC3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7BF7EA37-F5B2-4EBE-A959-29F559A47F47", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C062450-8D41-4E0C-AEAD-6C51D9B8F107", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "4D15B299-2298-4617-8CED-5F98C2E68D07", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "F7FA0C68-A45A-42EB-9F1F-E911F32589BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "411E9D06-5756-4918-965C-3E83890F0316", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A9EABDE-514F-42BA-A335-135209605981", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2425AF51-C42B-4EAA-A619-EE47EAFCBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "892D939B-4649-4B90-A2C0-6C2E4DDF7DFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A321B57-5E08-48C8-9288-A92342770FD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "54780B50-9CFE-43B6-8BB9-C7246F817773", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "001E2700-CE33-495A-8F8A-81E2E550CFF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A628FE6-A042-4DF9-A141-8BE65FD236C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "112D7B10-50E4-4903-9E34-DB4857D6C658", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7841F42-1226-43C4-A007-88847925D872", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "77930F86-13FF-4787-A39F-2D00110AFBFC", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B1ADD64-2503-4EED-9F6F-E425A3406123", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A3067BE9-4314-42BD-8131-89C4899F7D47", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "E00CA6E5-1F63-4D59-BA72-0F8697671718", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "C35A2049-8502-41F2-894E-E39AEBEB6816", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "1109A84D-1815-4A7B-8EDA-E493A1973224", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "B20531A3-F6F8-4FE1-9C0A-FDFABAC4C6AA", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C9F212AE-D5B3-4A88-A1E6-00A13A0A2AD5", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DD82E956-8C8E-4B38-9E82-4AA9AEFE6891", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "2D0F0EA4-A0DF-48CC-9B42-465A36945503", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "8945D2A7-B1C3-4981-B840-FB046AB6F4B6", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "338E969E-2CC6-44F3-A938-EE7131375AB8", "vulnerable": false }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*", "matchCriteriaId": "78325087-599F-448B-8C47-570914FF6C59", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*", "matchCriteriaId": "059CFA5C-B262-47AF-94A6-8E74AFB19204", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*", "matchCriteriaId": "12F25627-235B-4312-80A4-4E36DE0E72A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*", "matchCriteriaId": "B3E70B88-6348-42BB-AE96-46BDB1F3C6FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*", "matchCriteriaId": "12A9DF25-48E8-4D52-A267-1BE0437E9000", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*", "matchCriteriaId": "C986533F-E320-46FA-A9F7-DAFDB1A0628A", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*", "matchCriteriaId": "7C77DED4-2696-4172-92B7-43034E61F845", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "2EDCCFDA-99A8-4590-99F1-95F3A5AD70B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "BED1BA7D-B603-49D4-9080-4A9FEC056A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "9E8EB86B-2DD9-4C4B-9C9A-E88B2C458C8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "207B98DB-5962-4F62-AF5B-D48EF0C0E2A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "DFB65639-AE3A-4984-93F9-2A8100DCEE6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "B8921D08-FBA3-4C0A-8944-362909C5EB6B", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "3FBD5312-E44F-4996-AA29-AFED53A90E8E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled." }, { "lang": "es", "value": "La herramienta livetest de IPSEC en Openswan versi\u00f3n 2.4.12 y anteriores, y versiones 2.6.x hasta 2.6.16, permite a los usuarios locales sobrescribir archivos arbitrarios y ejecutar c\u00f3digo arbitrario mediante un ataque de tipo symlink en los archivos temporales (1) ipseclive.conn y (2) ipsec.olts.remote.log. NOTA: en muchas distribuciones y en la versi\u00f3n anterior, esta herramienta se ha deshabilitado." } ], "id": "CVE-2008-4190", "lastModified": "2024-11-21T00:51:07.377", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-09-24T11:42:25.250", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374" }, { "source": "cve@mitre.org", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/openswan" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34182" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34472" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1760" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501624/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501640/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/31243" }, { "source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460425" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45250" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/9135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/openswan" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34182" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/34472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501624/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501640/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/31243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460425" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45250" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/9135" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html", "lastModified": "2009-03-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:frees_wan:frees_wan:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "68C84C1F-2804-4E5F-B34E-D75530CD5A71", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A9EABDE-514F-42BA-A335-135209605981", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2425AF51-C42B-4EAA-A619-EE47EAFCBA83", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "892D939B-4649-4B90-A2C0-6C2E4DDF7DFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A321B57-5E08-48C8-9288-A92342770FD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "54780B50-9CFE-43B6-8BB9-C7246F817773", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "001E2700-CE33-495A-8F8A-81E2E550CFF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6A628FE6-A042-4DF9-A141-8BE65FD236C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7841F42-1226-43C4-A007-88847925D872", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." } ], "id": "CVE-2005-3671", "lastModified": "2024-11-21T00:02:24.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-18T21:03:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html" }, { "source": "cve@mitre.org", "url": "http://jvn.jp/niscc/NISCC-273756/index.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17581" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17680" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/18115" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015214" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/226364" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_70_ipsec.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openswan.org/niscc2/" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15416" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/niscc/NISCC-273756/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17581" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015214" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/226364" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_70_ipsec.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openswan.org/niscc2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/15416" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openswan:openswan:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1A71002-A4C7-4084-9E92-478269246DBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openswan:openswan:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F061B74-4A35-4DAC-B1B1-16A9850585BB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784." }, { "lang": "es", "value": "Openswan v2.2.x no restringe correctamente los permisos para (1) /var/run/starter.pid, relacionados con starter.c en el arranque IPsec, y (2) /var/lock/subsys/ipsec, que permite a usuarios locales matar procesos de su elecci\u00f3n escribiendo un PID en un archivo, o posiblemente evitar las cuotas de disco por escritura de datos arbitrarios en un archivo, como lo demuestran los archivos con permisos 0666, una vulnerabilidad diferente de CVE-2011-1784." } ], "id": "CVE-2011-2147", "lastModified": "2024-11-21T01:27:41.460", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-20T22:55:05.487", "references": [ { "source": "cve@mitre.org", "url": "http://lists.debian.org/debian-security/2011/05/msg00012.html" }, { "source": "cve@mitre.org", "url": "http://lists.debian.org/debian-security/2011/05/msg00013.html" }, { "source": "cve@mitre.org", "url": "http://lists.debian.org/debian-security/2011/05/msg00018.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67822" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.debian.org/debian-security/2011/05/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.debian.org/debian-security/2011/05/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.debian.org/debian-security/2011/05/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67822" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openswan:openswan:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2411B8B-FE2A-4E99-A280-0FB39291E96F", "versionEndIncluding": "1.0.9", "vulnerable": true }, { "criteria": "cpe:2.3:a:xelerance:openswan:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "39C5F91B-EE8A-4A81-A21D-68A3F4295200", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code." } ], "id": "CVE-2005-0162", "lastModified": "2024-11-20T23:54:33.273", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-26T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14038" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/14062" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013014" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=190\u0026type=vulnerabilities" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openswan.org/support/vuln/IDEF0785/" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/13195" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/12377" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19078" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/14062" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1013014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.idefense.com/application/poi/display?id=190\u0026type=vulnerabilities" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openswan.org/support/vuln/IDEF0785/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/13195" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/12377" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19078" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
var-201411-0042
Vulnerability from variot
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. Openswan 2.6.40 and prior are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0042", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openswan", "scope": "eq", "trust": 1.4, "vendor": "openswan", "version": "2.6.40" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.40" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.25/2.6.26/2.6.27/2.6.28" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.29-2.6.37" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.37" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.22" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.21" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.20" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.16" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.36" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.35" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.33" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.29" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.28" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.27" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.26" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.25" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "BID", "id": "65629" }, { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "NVD", "id": "CVE-2014-2037" }, { "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2014-2037" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Paul Wouters", "sources": [ { "db": "BID", "id": "65629" }, { "db": "CNNVD", "id": "CNNVD-201411-450" } ], "trust": 0.9 }, "cve": "CVE-2014-2037", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2014-2037", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2014-01142", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-2037", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-01142", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201411-450", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "NVD", "id": "CVE-2014-2037" }, { "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. \nOpenswan 2.6.40 and prior are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-2037" }, { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "BID", "id": "65629" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-2037", "trust": 3.3 }, { "db": "BID", "id": "65629", "trust": 2.5 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2014/02/18/1", "trust": 1.6 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2014/02/20/2", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-005646", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2014-01142", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201411-450", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "BID", "id": "65629" }, { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "NVD", "id": "CVE-2014-2037" }, { "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "id": "VAR-201411-0042", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" } ] }, "last_update_date": "2023-12-18T12:07:49.209000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Openswan 2.6.41 released", "trust": 0.8, "url": "https://lists.openswan.org/pipermail/users/2014-february/022898.html" }, { "title": "Openswan IKEv2 Payloads Incomplete Fix Remote Denial of Service Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/43764" }, { "title": "openswan-2.6.41", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52570" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "NVD", "id": "CVE-2014-2037" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "http://www.securityfocus.com/bid/65629" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2014/02/18/1" }, { "trust": 1.6, "url": "http://www.openwall.com/lists/oss-security/2014/02/20/2" }, { "trust": 1.6, "url": "https://lists.openswan.org/pipermail/users/2014-february/022898.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2037" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2037" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "NVD", "id": "CVE-2014-2037" }, { "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "BID", "id": "65629" }, { "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "db": "NVD", "id": "CVE-2014-2037" }, { "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-02-21T00:00:00", "db": "CNVD", "id": "CNVD-2014-01142" }, { "date": "2014-02-18T00:00:00", "db": "BID", "id": "65629" }, { "date": "2014-11-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "date": "2014-11-26T15:59:00.090000", "db": "NVD", "id": "CVE-2014-2037" }, { "date": "2014-02-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-02-24T00:00:00", "db": "CNVD", "id": "CNVD-2014-01142" }, { "date": "2014-11-25T00:55:00", "db": "BID", "id": "65629" }, { "date": "2014-11-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005646" }, { "date": "2019-07-29T13:26:45.483000", "db": "NVD", "id": "CVE-2014-2037" }, { "date": "2019-07-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-450" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201411-450" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Openswan IKEv2 Payloads Incomplete Fix Remote Denial of Service Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2014-01142" }, { "db": "BID", "id": "65629" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201411-450" } ], "trust": 0.6 } }
var-201401-0260
Vulnerability from variot
Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. Versions prior to Libreswan 3.8 are vulnerable. Openswan is prone to a remote denial-of-service vulnerability due to a use-after-free error. An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition. Note: This issue occurs only when Openswan is configured with 'nhelpers=0'. Openswan 2.3.0 to 2.6.36 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0260", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "libreswan", "scope": "eq", "trust": 1.9, "vendor": "libreswan", "version": "3.6" }, { "model": "libreswan", "scope": "eq", "trust": 1.9, "vendor": "libreswan", "version": "3.4" }, { "model": "libreswan", "scope": "eq", "trust": 1.9, "vendor": "libreswan", "version": "3.3" }, { "model": "libreswan", "scope": "lte", "trust": 1.8, "vendor": "libreswan", "version": "3.7" }, { "model": "libreswan", "scope": "eq", "trust": 1.6, "vendor": "libreswan", "version": "3.0" }, { "model": "libreswan", "scope": "eq", "trust": 1.6, "vendor": "libreswan", "version": "3.5" }, { "model": "libreswan", "scope": "eq", "trust": 1.6, "vendor": "libreswan", "version": "3.1" }, { "model": "libreswan", "scope": "eq", "trust": 1.6, "vendor": "libreswan", "version": "3.2" }, { "model": "libreswan", "scope": "eq", "trust": 0.9, "vendor": "libreswan", "version": "3.7" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "3.7" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.6, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.6, "vendor": "oracle", "version": "6" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.22" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.21" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.20" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.16" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.36" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.35" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.33" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.29" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.28" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.27" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.26" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.25" }, { "model": "linux sparc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.6, "vendor": "debian", "version": "6.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.6, "vendor": "avaya", "version": "53002.0" }, { "model": "contact fl mguard smart2 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard smart2 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard smart2", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard smart2", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4004 tx/dtx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4004 tx/dtx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4004 tx/dtx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4004 tx/dtx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx-p", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx-p", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx vpn-m", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx vpn-m", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs2005 tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs2005 tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs2000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs2000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs vpn analog", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs vpn analog", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard pcie4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard pcie4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard pci4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard pci4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard pci4000", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard pci4000", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard gt/gt vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard gt/gt vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard gt/gt", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard gt/gt", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard delta tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard delta tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard delta tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard delta tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard centerport", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard centerport", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.38" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.37" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.34" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.31" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.30" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.24" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.23" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.19" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.18" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.17" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.15" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.14" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.2" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.39" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.13" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.12" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.11" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.10" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.09" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.08" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.07" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.06" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.05" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.04" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.03" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.01" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "contact fl mguard smart2 vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard smart2", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4004 tx/dtx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4004 tx/dtx", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx-p", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx vpn-m", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs2005 tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs2000 tx/tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs vpn analog", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard pcie4000 vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard pci4000 vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard pci4000", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard gt/gt vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard gt/gt", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard delta tx/tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard delta tx/tx", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard centerport", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "libreswan", "scope": "ne", "trust": 0.3, "vendor": "libreswan", "version": "3.8" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.4.15" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.4.14" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.4.13" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.4.4" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.4.2" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.4" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.3.1" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.3" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.1" }, { "model": "openswan", "scope": "ne", "trust": 0.3, "vendor": "openswan", "version": "2.6.37" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" }, { "db": "BID", "id": "50440" }, { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "NVD", "id": "CVE-2013-6467" }, { "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:libreswan:libreswan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.7", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-6467" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Iustina Melinte", "sources": [ { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" } ], "trust": 0.6 }, "cve": "CVE-2013-6467", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2013-6467", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2014-00690", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-6467", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-00690", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201401-548", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "NVD", "id": "CVE-2013-6467" }, { "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. \nVersions prior to Libreswan 3.8 are vulnerable. Openswan is prone to a remote denial-of-service vulnerability due to a use-after-free error. \nAn attacker may exploit this issue to crash the application, resulting in a denial-of-service condition. \nNote: This issue occurs only when Openswan is configured with \u0027nhelpers=0\u0027. \nOpenswan 2.3.0 to 2.6.36 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2013-6467" }, { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" }, { "db": "BID", "id": "50440" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-6467", "trust": 3.9 }, { "db": "BID", "id": "64987", "trust": 1.9 }, { "db": "SECUNIA", "id": "56420", "trust": 1.6 }, { "db": "OSVDB", "id": "102172", "trust": 1.6 }, { "db": "BID", "id": "65155", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2013-005933", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2014-00690", "trust": 0.6 }, { "db": "XF", "id": "90522", "trust": 0.6 }, { "db": "XF", "id": "20136467", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201401-548", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-17-250-02", "trust": 0.3 }, { "db": "BID", "id": "50440", "trust": 0.3 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" }, { "db": "BID", "id": "50440" }, { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "NVD", "id": "CVE-2013-6467" }, { "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "id": "VAR-201401-0260", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" } ] }, "last_update_date": "2023-12-18T10:43:38.883000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2013-6467 Libreswan dereferencing missing IKEv2 payloads causes restart", "trust": 0.8, "url": "https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt" }, { "title": "Patch for Openswan IKEv2 Load Remote Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/43206" }, { "title": "libreswan-3.8", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47727" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "NVD", "id": "CVE-2013-6467" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt" }, { "trust": 1.6, "url": "http://osvdb.org/102172" }, { "trust": 1.6, "url": "http://secunia.com/advisories/56420" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/64987" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90522" }, { "trust": 0.9, "url": "http://www.openswan.org/" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6467" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6467" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/90522" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100178570" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-250-02" }, { "trust": 0.3, "url": "https://download.libreswan.org/changes" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100152275" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" }, { "db": "BID", "id": "50440" }, { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "NVD", "id": "CVE-2013-6467" }, { "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" }, { "db": "BID", "id": "50440" }, { "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "db": "NVD", "id": "CVE-2013-6467" }, { "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-01-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-00690" }, { "date": "2014-01-27T00:00:00", "db": "BID", "id": "65155" }, { "date": "2014-01-15T00:00:00", "db": "BID", "id": "64987" }, { "date": "2011-10-31T00:00:00", "db": "BID", "id": "50440" }, { "date": "2014-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "date": "2014-01-26T20:55:05.377000", "db": "NVD", "id": "CVE-2013-6467" }, { "date": "2014-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-02-13T00:00:00", "db": "CNVD", "id": "CNVD-2014-00690" }, { "date": "2017-09-08T13:13:00", "db": "BID", "id": "65155" }, { "date": "2015-04-13T21:58:00", "db": "BID", "id": "64987" }, { "date": "2015-04-13T21:50:00", "db": "BID", "id": "50440" }, { "date": "2014-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005933" }, { "date": "2017-08-29T01:33:58.827000", "db": "NVD", "id": "CVE-2013-6467" }, { "date": "2014-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-548" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" }, { "db": "BID", "id": "50440" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Libreswan Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005933" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Failure to Handle Exceptional Conditions", "sources": [ { "db": "BID", "id": "65155" }, { "db": "BID", "id": "64987" } ], "trust": 0.6 } }
var-201401-0259
Vulnerability from variot
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue to restart the application, resulting in a denial-of-service condition to legitimate users. Openswan 2.6.39 and prior are vulnerable.
CVE-2013-2053
During an audit of Libreswan (with which Openswan shares some code),
Florian Weimer found a remote buffer overflow in the atodn()
function. This vulnerability can be triggered when Opportunistic
Encryption (OE) is enabled and an attacker controls the PTR record
of a peer IP address.
Authentication is not needed to trigger the vulnerability.
CVE-2013-6466
Iustina Melinte found a vulnerability in Libreswan which also
applies to the Openswan code. By carefuly crafting IKEv2 packets, an
attacker can make the pluto daemon derefeences non-received IKEv2
payload, leading to the daemon crash.
Authentication is not needed to trigger the vulnerability.
Patches were originally written to fix the vulnerabilities in Libreswan, and have been ported to Openswan by Paul Wouters from the Libreswan Project.
Since the Openswan package is not maintained anymore in the Debian distribution and is not available in testing and unstable suites, it is recommended for IKE/IPsec users to switch to a supported implementation like strongSwan.
For the oldstable distribution (squeeze), these problems have been fixed in version 2.6.28+dfsg-5+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 2.6.37-3.1.
We recommend that you upgrade your openswan packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openswan security update Advisory ID: RHSA-2014:0185-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0185.html Issue date: 2014-02-18 CVE Names: CVE-2013-6466 =====================================================================
- Summary:
Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. (CVE-2013-6466)
All openswan users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1050277 - CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm
i386: openswan-2.6.32-7.3.el5_10.i386.rpm openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm openswan-doc-2.6.32-7.3.el5_10.i386.rpm
x86_64: openswan-2.6.32-7.3.el5_10.x86_64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm
i386: openswan-2.6.32-7.3.el5_10.i386.rpm openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm openswan-doc-2.6.32-7.3.el5_10.i386.rpm
ia64: openswan-2.6.32-7.3.el5_10.ia64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.ia64.rpm openswan-doc-2.6.32-7.3.el5_10.ia64.rpm
ppc: openswan-2.6.32-7.3.el5_10.ppc.rpm openswan-debuginfo-2.6.32-7.3.el5_10.ppc.rpm openswan-doc-2.6.32-7.3.el5_10.ppc.rpm
s390x: openswan-2.6.32-7.3.el5_10.s390x.rpm openswan-debuginfo-2.6.32-7.3.el5_10.s390x.rpm openswan-doc-2.6.32-7.3.el5_10.s390x.rpm
x86_64: openswan-2.6.32-7.3.el5_10.x86_64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
ppc64: openswan-2.6.32-27.2.el6_5.ppc64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm
s390x: openswan-2.6.32-27.2.el6_5.s390x.rpm openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm
x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm
ppc64: openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm openswan-doc-2.6.32-27.2.el6_5.ppc64.rpm
s390x: openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm openswan-doc-2.6.32-27.2.el6_5.s390x.rpm
x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-6466.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTA6D7XlSAg2UNWIIRAkO0AKCCIbfDJPZuuXS7U6rZU8/CimQlxwCeIPUb dpyjtxp6hcgn2NES8FPSOkw= =jFWA -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Background
Openswan is an implementation of IPsec for Linux.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openswan <= 2.6.39-r1 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
Impact
A remote attacker could create a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Openswan. We recommend that users unmerge Openswan:
# emerge --unmerge "net-misc/openswan"
NOTE: The Gentoo developer(s) maintaining Openswan have discontinued support at this time. It may be possible that a new Gentoo developer will update Openswan at a later date. Alternatives packages such as Libreswan and strongSwan are currently available in Gentoo Portage.
References
[ 1 ] CVE-2013-6466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6466
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201411-07.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0259", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.12" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.10" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.11" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.02" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.17" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.1" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.12" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.24" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.29" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.36" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.10" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.3" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.8" }, { "model": "openswan", "scope": "lte", "trust": 1.0, "vendor": "xelerance", "version": "2.6.39" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.01" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.9" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.16" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.22" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.0" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.05" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.02" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.06" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.33" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.08" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.04" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.37" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.20" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.13" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.32" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.18" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.19" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.35" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.01" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.11" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.15" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.4" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.21" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.25" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.11" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.7" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.14" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.16" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.14" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.6" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.0" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.07" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.09" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.15" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.13" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.07" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.17" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.2" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.04" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.34" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.4.5" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.18" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.05" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.3.0" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.03" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.38" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.30" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.27" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.09" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.3.1" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.03" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.31" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.26" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.10" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.08" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.12" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.13" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.23" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.6.28" }, { "model": "openswan", "scope": "eq", "trust": 1.0, "vendor": "xelerance", "version": "2.5.06" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.38" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.37" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.34" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.31" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.30" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.39" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.36" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.35" }, { "model": "openswan", "scope": "eq", "trust": 0.9, "vendor": "openswan", "version": "2.6.33" }, { "model": "openswan", "scope": "lte", "trust": 0.8, "vendor": "openswan", "version": "2.6.39" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "3.7" }, { "model": "openswan", "scope": "eq", "trust": 0.6, "vendor": "openswan", "version": "2.6.32" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "contact fl mguard smart2 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard smart2 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard smart2", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard smart2", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4004 tx/dtx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4004 tx/dtx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4004 tx/dtx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4004 tx/dtx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx-p", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx-p", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx vpn-m", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx vpn-m", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs4000 tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs4000 tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs2005 tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs2005 tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs2000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs2000 tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs vpn analog", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs vpn analog", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard rs", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard rs", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard pcie4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard pcie4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard pci4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard pci4000 vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard pci4000", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard pci4000", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard gt/gt vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard gt/gt vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard gt/gt", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard gt/gt", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard delta tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard delta tx/tx vpn", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard delta tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard delta tx/tx", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "contact fl mguard centerport", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.5.1" }, { "model": "contact fl mguard centerport", "scope": "eq", "trust": 0.3, "vendor": "phoenix", "version": "8.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.24" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.23" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.22" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.21" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.20" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.19" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.18" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.17" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.16" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.15" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.14" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.2" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.29" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.28" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.27" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.26" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.25" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.13" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.12" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.11" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.10" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.09" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.08" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.07" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.06" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.05" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.04" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.03" }, { "model": "openswan", "scope": "eq", "trust": 0.3, "vendor": "openswan", "version": "2.6.01" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura conferencing", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53003.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "contact fl mguard smart2 vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard smart2", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4004 tx/dtx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4004 tx/dtx", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx-p", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx vpn-m", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs4000 tx/tx", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs2005 tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs2000 tx/tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs vpn analog", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard rs", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard pcie4000 vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard pci4000 vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard pci4000", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard gt/gt vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard gt/gt", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard delta tx/tx vpn", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard delta tx/tx", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" }, { "model": "contact fl mguard centerport", "scope": "ne", "trust": 0.3, "vendor": "phoenix", "version": "8.5.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "NVD", "id": "CVE-2013-6466" }, { "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.6.39", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.05:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.0:sbs4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.0:sbs5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.08:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.09:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.5.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:xelerance:openswan:2.6.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-6466" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Iustina Melinte", "sources": [ { "db": "BID", "id": "65155" } ], "trust": 0.3 }, "cve": "CVE-2013-6466", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2013-6466", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2014-00690", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-6466", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2014-00690", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201401-547", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "NVD", "id": "CVE-2013-6466" }, { "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. \nAn attacker may exploit this issue to restart the application, resulting in a denial-of-service condition to legitimate users. \nOpenswan 2.6.39 and prior are vulnerable. \n\nCVE-2013-2053\n\n During an audit of Libreswan (with which Openswan shares some code),\n Florian Weimer found a remote buffer overflow in the atodn()\n function. This vulnerability can be triggered when Opportunistic\n Encryption (OE) is enabled and an attacker controls the PTR record\n of a peer IP address. \n Authentication is not needed to trigger the vulnerability. \n\nCVE-2013-6466\n\n Iustina Melinte found a vulnerability in Libreswan which also\n applies to the Openswan code. By carefuly crafting IKEv2 packets, an\n attacker can make the pluto daemon derefeences non-received IKEv2\n payload, leading to the daemon crash. \n Authentication is not needed to trigger the vulnerability. \n\nPatches were originally written to fix the vulnerabilities in Libreswan,\nand have been ported to Openswan by Paul Wouters from the Libreswan\nProject. \n\nSince the Openswan package is not maintained anymore in the Debian\ndistribution and is not available in testing and unstable suites, it is\nrecommended for IKE/IPsec users to switch to a supported implementation\nlike strongSwan. \n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 2.6.28+dfsg-5+squeeze2. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.6.37-3.1. \n\nWe recommend that you upgrade your openswan packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openswan security update\nAdvisory ID: RHSA-2014:0185-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0185.html\nIssue date: 2014-02-18\nCVE Names: CVE-2013-6466 \n=====================================================================\n\n1. Summary:\n\nUpdated openswan packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenswan is a free implementation of Internet Protocol Security (IPsec) and\nInternet Key Exchange (IKE). IPsec uses strong cryptography to provide both\nauthentication and encryption services. These services allow you to build\nsecure tunnels through untrusted networks. (CVE-2013-6466)\n\nAll openswan users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1050277 - CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm\n\ni386:\nopenswan-2.6.32-7.3.el5_10.i386.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm\nopenswan-doc-2.6.32-7.3.el5_10.i386.rpm\n\nx86_64:\nopenswan-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-doc-2.6.32-7.3.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm\n\ni386:\nopenswan-2.6.32-7.3.el5_10.i386.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm\nopenswan-doc-2.6.32-7.3.el5_10.i386.rpm\n\nia64:\nopenswan-2.6.32-7.3.el5_10.ia64.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.ia64.rpm\nopenswan-doc-2.6.32-7.3.el5_10.ia64.rpm\n\nppc:\nopenswan-2.6.32-7.3.el5_10.ppc.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.ppc.rpm\nopenswan-doc-2.6.32-7.3.el5_10.ppc.rpm\n\ns390x:\nopenswan-2.6.32-7.3.el5_10.s390x.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.s390x.rpm\nopenswan-doc-2.6.32-7.3.el5_10.s390x.rpm\n\nx86_64:\nopenswan-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-doc-2.6.32-7.3.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-2.6.32-27.2.el6_5.i686.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\nopenswan-doc-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-2.6.32-27.2.el6_5.i686.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\n\nppc64:\nopenswan-2.6.32-27.2.el6_5.ppc64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm\n\ns390x:\nopenswan-2.6.32-27.2.el6_5.s390x.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm\n\nx86_64:\nopenswan-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\nopenswan-doc-2.6.32-27.2.el6_5.i686.rpm\n\nppc64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.ppc64.rpm\n\ns390x:\nopenswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm\nopenswan-doc-2.6.32-27.2.el6_5.s390x.rpm\n\nx86_64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-2.6.32-27.2.el6_5.i686.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\nopenswan-doc-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-6466.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTA6D7XlSAg2UNWIIRAkO0AKCCIbfDJPZuuXS7U6rZU8/CimQlxwCeIPUb\ndpyjtxp6hcgn2NES8FPSOkw=\n=jFWA\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBackground\n==========\n\nOpenswan is an implementation of IPsec for Linux. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/openswan \u003c= 2.6.39-r1 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n\nImpact\n======\n\nA remote attacker could create a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for Openswan. We recommend that users\nunmerge Openswan:\n\n # emerge --unmerge \"net-misc/openswan\"\n\nNOTE: The Gentoo developer(s) maintaining Openswan have discontinued\nsupport at this time. It may be possible that a new Gentoo developer\nwill update Openswan at a later date. Alternatives packages such as\nLibreswan and strongSwan are currently available in Gentoo Portage. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-6466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6466\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201411-07.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n", "sources": [ { "db": "NVD", "id": "CVE-2013-6466" }, { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "PACKETSTORM", "id": "125973" }, { "db": "PACKETSTORM", "id": "125264" }, { "db": "PACKETSTORM", "id": "129235" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-6466", "trust": 3.6 }, { "db": "BID", "id": "65155", "trust": 2.5 }, { "db": "CERT@VDE", "id": "VDE-2017-001", "trust": 1.6 }, { "db": "ICS CERT", "id": "ICSA-17-250-02", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2013-005932", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2014-00690", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201401-547", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "125973", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "125264", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "129235", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "PACKETSTORM", "id": "125973" }, { "db": "PACKETSTORM", "id": "125264" }, { "db": "PACKETSTORM", "id": "129235" }, { "db": "NVD", "id": "CVE-2013-6466" }, { "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "id": "VAR-201401-0259", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" } ] }, "last_update_date": "2023-12-18T11:06:24.720000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2013-6467 Libreswan dereferencing missing IKEv2 payloads causes restart", "trust": 0.8, "url": "https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.openswan.org/" }, { "title": "RHSA-2014:0185", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2014-0185.html" }, { "title": "Patch for Openswan IKEv2 Load Remote Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/43206" }, { "title": "openswan-latest", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47728" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-Other", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "NVD", "id": "CVE-2013-6466" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt" }, { "trust": 1.7, "url": "http://rhn.redhat.com/errata/rhsa-2014-0185.html" }, { "trust": 1.6, "url": "http://www.debian.org/security/2014/dsa-2893" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/65155" }, { "trust": 1.6, "url": "https://cert.vde.com/en-us/advisories/vde-2017-001" }, { "trust": 1.6, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90524" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-250-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6466" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6466" }, { "trust": 0.3, "url": "http://www.openswan.org/" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100178570" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6466" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2053" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2013-6466.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6466" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201411-07.xml" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "PACKETSTORM", "id": "125973" }, { "db": "PACKETSTORM", "id": "125264" }, { "db": "PACKETSTORM", "id": "129235" }, { "db": "NVD", "id": "CVE-2013-6466" }, { "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2014-00690" }, { "db": "BID", "id": "65155" }, { "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "db": "PACKETSTORM", "id": "125973" }, { "db": "PACKETSTORM", "id": "125264" }, { "db": "PACKETSTORM", "id": "129235" }, { "db": "NVD", "id": "CVE-2013-6466" }, { "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-01-29T00:00:00", "db": "CNVD", "id": "CNVD-2014-00690" }, { "date": "2014-01-27T00:00:00", "db": "BID", "id": "65155" }, { "date": "2014-01-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "date": "2014-04-01T19:02:00", "db": "PACKETSTORM", "id": "125973" }, { "date": "2014-02-19T02:48:29", "db": "PACKETSTORM", "id": "125264" }, { "date": "2014-11-24T13:32:00", "db": "PACKETSTORM", "id": "129235" }, { "date": "2014-01-26T20:55:05.330000", "db": "NVD", "id": "CVE-2013-6466" }, { "date": "2014-01-28T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-02-13T00:00:00", "db": "CNVD", "id": "CNVD-2014-00690" }, { "date": "2017-09-08T13:13:00", "db": "BID", "id": "65155" }, { "date": "2017-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005932" }, { "date": "2019-07-29T14:24:46.720000", "db": "NVD", "id": "CVE-2013-6466" }, { "date": "2019-07-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-547" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "125264" }, { "db": "PACKETSTORM", "id": "129235" }, { "db": "CNNVD", "id": "CNNVD-201401-547" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Openswan Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005932" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201401-547" } ], "trust": 0.6 } }
cve-2008-4190
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:08:34.945Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34472" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460425" }, { "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "name": "20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/501624/100/0/threaded" }, { "name": "34182", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34182" }, { "name": "20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/501640/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10078", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/openswan" }, { "name": "31243", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/31243" }, { "name": "9135", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/9135" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374" }, { "name": "RHSA-2009:0402", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html" }, { "name": "openswan-livetest-symlink(45250)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45250" }, { "name": "DSA-1760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1760" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34472" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460425" }, { "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "name": "20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/501624/100/0/threaded" }, { "name": "34182", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34182" }, { "name": "20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/501640/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10078", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/openswan" }, { "name": "31243", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/31243" }, { "name": "9135", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/9135" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374" }, { "name": "RHSA-2009:0402", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html" }, { "name": "openswan-livetest-symlink(45250)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45250" }, { "name": "DSA-1760", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1760" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4190", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34472", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34472" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=460425", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=460425" }, { "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2" }, { "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770" }, { "name": "20090309 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501624/100/0/threaded" }, { "name": "34182", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34182" }, { "name": "20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501640/100/0/threaded" }, { "name": "oval:org.mitre.oval:def:10078", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078" }, { "name": "http://dev.gentoo.org/~rbu/security/debiantemp/openswan", "refsource": "CONFIRM", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/openswan" }, { "name": "31243", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31243" }, { "name": "9135", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/9135" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496374" }, { "name": "RHSA-2009:0402", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0402.html" }, { "name": "openswan-livetest-symlink(45250)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45250" }, { "name": "DSA-1760", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1760" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4190", "datePublished": "2008-09-24T10:00:00", "dateReserved": "2008-09-23T00:00:00", "dateUpdated": "2024-08-07T10:08:34.945Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2147
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://lists.debian.org/debian-security/2011/05/msg00012.html | mailing-list, x_refsource_MLIST | |
http://lists.debian.org/debian-security/2011/05/msg00018.html | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67822 | vdb-entry, x_refsource_XF | |
http://lists.debian.org/debian-security/2011/05/msg00013.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:16.960Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-security] 20110510 World writable pid and lock files.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.debian.org/debian-security/2011/05/msg00012.html" }, { "name": "[debian-security] 20110510 Re: World writable pid and lock files.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.debian.org/debian-security/2011/05/msg00018.html" }, { "name": "openswan-pid-dos(67822)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67822" }, { "name": "[debian-security] 20110510 Re: World writable pid and lock files.", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.debian.org/debian-security/2011/05/msg00013.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-security] 20110510 World writable pid and lock files.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.debian.org/debian-security/2011/05/msg00012.html" }, { "name": "[debian-security] 20110510 Re: World writable pid and lock files.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.debian.org/debian-security/2011/05/msg00018.html" }, { "name": "openswan-pid-dos(67822)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67822" }, { "name": "[debian-security] 20110510 Re: World writable pid and lock files.", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.debian.org/debian-security/2011/05/msg00013.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-2147", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-security] 20110510 World writable pid and lock files.", "refsource": "MLIST", "url": "http://lists.debian.org/debian-security/2011/05/msg00012.html" }, { "name": "[debian-security] 20110510 Re: World writable pid and lock files.", "refsource": "MLIST", "url": "http://lists.debian.org/debian-security/2011/05/msg00018.html" }, { "name": "openswan-pid-dos(67822)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67822" }, { "name": "[debian-security] 20110510 Re: World writable pid and lock files.", "refsource": "MLIST", "url": "http://lists.debian.org/debian-security/2011/05/msg00013.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-2147", "datePublished": "2011-05-20T22:00:00", "dateReserved": "2011-05-20T00:00:00", "dateUpdated": "2024-08-06T22:53:16.960Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3671
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:17:23.402Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" }, { "name": "15416", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15416" }, { "name": "FEDORA-2005-1093", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html" }, { "name": "1015214", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1015214" }, { "name": "17581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17581" }, { "name": "20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://jvn.jp/niscc/NISCC-273756/index.html" }, { "name": "20051213 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html" }, { "name": "GLSA-200512-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" }, { "name": "VU#226364", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/226364" }, { "name": "18115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18115" }, { "name": "17680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17680" }, { "name": "FEDORA-2005-1092", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openswan.org/niscc2/" }, { "name": "17980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17980" }, { "name": "SUSE-SA:2005:070", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_70_ipsec.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-17T00:00:00", "descriptions": [ { "lang": "en", "value": "The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" }, { "name": "15416", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15416" }, { "name": "FEDORA-2005-1093", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html" }, { "name": "1015214", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1015214" }, { "name": "17581", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17581" }, { "name": "20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://jvn.jp/niscc/NISCC-273756/index.html" }, { "name": "20051213 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html" }, { "name": "GLSA-200512-04", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" }, { "name": "VU#226364", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/226364" }, { "name": "18115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18115" }, { "name": "17680", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17680" }, { "name": "FEDORA-2005-1092", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openswan.org/niscc2/" }, { "name": "17980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17980" }, { "name": "SUSE-SA:2005:070", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_70_ipsec.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3671", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en", "refsource": "MISC", "url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en" }, { "name": "15416", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15416" }, { "name": "FEDORA-2005-1093", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html" }, { "name": "1015214", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015214" }, { "name": "17581", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17581" }, { "name": "20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html" }, { "name": "http://jvn.jp/niscc/NISCC-273756/index.html", "refsource": "MISC", "url": "http://jvn.jp/niscc/NISCC-273756/index.html" }, { "name": "20051213 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html" }, { "name": "GLSA-200512-04", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml" }, { "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/", "refsource": "MISC", "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/" }, { "name": "VU#226364", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/226364" }, { "name": "18115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18115" }, { "name": "17680", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17680" }, { "name": "FEDORA-2005-1092", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html" }, { "name": "http://www.openswan.org/niscc2/", "refsource": "CONFIRM", "url": "http://www.openswan.org/niscc2/" }, { "name": "17980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17980" }, { "name": "SUSE-SA:2005:070", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_70_ipsec.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3671", "datePublished": "2005-11-18T21:00:00", "dateReserved": "2005-11-18T00:00:00", "dateUpdated": "2024-08-07T23:17:23.402Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0590
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.openswan.org/support/vuln/can-2004-0590/ | x_refsource_CONFIRM | |
http://security.gentoo.org/glsa/glsa-200406-20.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16515 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2004:070", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openswan.org/support/vuln/can-2004-0590/" }, { "name": "GLSA-200406-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200406-20.xml" }, { "name": "ipsec-verifyx509cert-auth-bypass(16515)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-28T00:00:00", "descriptions": [ { "lang": "en", "value": "FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2004:070", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openswan.org/support/vuln/can-2004-0590/" }, { "name": "GLSA-200406-20", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200406-20.xml" }, { "name": "ipsec-verifyx509cert-auth-bypass(16515)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0590", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2004:070", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:070" }, { "name": "http://www.openswan.org/support/vuln/can-2004-0590/", "refsource": "CONFIRM", "url": "http://www.openswan.org/support/vuln/can-2004-0590/" }, { "name": "GLSA-200406-20", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200406-20.xml" }, { "name": "ipsec-verifyx509cert-auth-bypass(16515)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16515" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0590", "datePublished": "2004-06-30T04:00:00", "dateReserved": "2004-06-23T00:00:00", "dateUpdated": "2024-08-08T00:24:27.001Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-0162
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html | vendor-advisory, x_refsource_FEDORA | |
http://securitytracker.com/id?1013014 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/12377 | vdb-entry, x_refsource_BID | |
http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19078 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/14062 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/14038 | third-party-advisory, x_refsource_SECUNIA | |
http://www.osvdb.org/13195 | vdb-entry, x_refsource_OSVDB | |
http://www.openswan.org/support/vuln/IDEF0785/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:05:24.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2005-082", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html" }, { "name": "1013014", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013014" }, { "name": "12377", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/12377" }, { "name": "20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE", "x_transferred" ], "url": "http://www.idefense.com/application/poi/display?id=190\u0026type=vulnerabilities" }, { "name": "openswan-xauth-pam-bo(19078)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19078" }, { "name": "14062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14062" }, { "name": "14038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/14038" }, { "name": "13195", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/13195" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openswan.org/support/vuln/IDEF0785/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-01-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FEDORA-2005-082", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html" }, { "name": "1013014", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013014" }, { "name": "12377", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/12377" }, { "name": "20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability", "tags": [ "third-party-advisory", "x_refsource_IDEFENSE" ], "url": "http://www.idefense.com/application/poi/display?id=190\u0026type=vulnerabilities" }, { "name": "openswan-xauth-pam-bo(19078)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19078" }, { "name": "14062", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14062" }, { "name": "14038", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/14038" }, { "name": "13195", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/13195" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openswan.org/support/vuln/IDEF0785/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2005-082", "refsource": "FEDORA", "url": "http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html" }, { "name": "1013014", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013014" }, { "name": "12377", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12377" }, { "name": "20050126 Openswan XAUTH/PAM Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://www.idefense.com/application/poi/display?id=190\u0026type=vulnerabilities" }, { "name": "openswan-xauth-pam-bo(19078)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19078" }, { "name": "14062", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14062" }, { "name": "14038", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14038" }, { "name": "13195", "refsource": "OSVDB", "url": "http://www.osvdb.org/13195" }, { "name": "http://www.openswan.org/support/vuln/IDEF0785/", "refsource": "CONFIRM", "url": "http://www.openswan.org/support/vuln/IDEF0785/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0162", "datePublished": "2005-01-29T05:00:00", "dateReserved": "2005-01-27T00:00:00", "dateUpdated": "2024-08-07T21:05:24.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }