Vulnerability Details CVE-2009-2661
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 81.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch
- http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://secunia.com/advisories/36922
- http://up2date.astaro.com/2009/08/up2date_7505_released.html
- http://www.debian.org/security/2009/dsa-1899
- http://www.openwall.com/lists/oss-security/2009/07/27/1
- http://www.vupen.com/english/advisories/2009/2247
- https://lists.strongswan.org/pipermail/announce/2009-July/000056.html
- http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch
- http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
- http://secunia.com/advisories/36922
- http://up2date.astaro.com/2009/08/up2date_7505_released.html
- http://www.debian.org/security/2009/dsa-1899
- http://www.openwall.com/lists/oss-security/2009/07/27/1
- http://www.vupen.com/english/advisories/2009/2247
- https://lists.strongswan.org/pipermail/announce/2009-July/000056.html
Products affected by CVE-2009-2661
-
cpe:2.3:a:strongswan:strongswan:2.8.0
-
cpe:2.3:a:strongswan:strongswan:2.8.1
-
cpe:2.3:a:strongswan:strongswan:2.8.10
-
cpe:2.3:a:strongswan:strongswan:2.8.2
-
cpe:2.3:a:strongswan:strongswan:2.8.3
-
cpe:2.3:a:strongswan:strongswan:2.8.4
-
cpe:2.3:a:strongswan:strongswan:2.8.5
-
cpe:2.3:a:strongswan:strongswan:2.8.6
-
cpe:2.3:a:strongswan:strongswan:2.8.7
-
cpe:2.3:a:strongswan:strongswan:2.8.8
-
cpe:2.3:a:strongswan:strongswan:4.2.0
-
cpe:2.3:a:strongswan:strongswan:4.2.1
-
cpe:2.3:a:strongswan:strongswan:4.2.10
-
cpe:2.3:a:strongswan:strongswan:4.2.11
-
cpe:2.3:a:strongswan:strongswan:4.2.12
-
cpe:2.3:a:strongswan:strongswan:4.2.13
-
cpe:2.3:a:strongswan:strongswan:4.2.14
-
cpe:2.3:a:strongswan:strongswan:4.2.15
-
cpe:2.3:a:strongswan:strongswan:4.2.16
-
cpe:2.3:a:strongswan:strongswan:4.2.2
-
cpe:2.3:a:strongswan:strongswan:4.2.3
-
cpe:2.3:a:strongswan:strongswan:4.3.0
-
cpe:2.3:a:strongswan:strongswan:4.3.1
-
cpe:2.3:a:strongswan:strongswan:4.3.2