Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2014-2891 CVE-2013-6075 CVE-2013-6076 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
strongSwan Server applications / Encryption software |
Vendor | strongswan.org |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU41717
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-2891
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. Per: http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html "Based on a crash report from one of our users we found that strongSwan versions before 5.1.2 are susceptible to a DoS vulnerability. Affected are strongSwan versions 4.3.3 and newer, up to 5.1.1.
MitigationInstall update from vendor's website.
Vulnerable software versionsstrongSwan: 5.0.0 - 5.1.1
External linkshttp://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html
http://secunia.com/advisories/59864
http://www.debian.org/security/2014/dsa-2922
http://www.securityfocus.com/bid/67212
http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42408
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-6075
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
MitigationInstall update from vendor's website.
Vulnerable software versionsstrongSwan: 4.3.3 - 5.1.0
External linkshttp://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch
http://www.debian.org/security/2012/dsa-2789
http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU42409
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-6076
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.
MitigationInstall update from vendor's website.
Vulnerable software versionsstrongSwan: 5.0.2 - 5.1.0
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.