Vulnerability identifier: #VU41717

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-2891

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
strongSwan
Server applications / Encryption software

Vendor: strongswan.org

Description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. Per: http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-%28cve-2014-2891%29.html "Based on a crash report from one of our users we found that strongSwan versions before 5.1.2 are susceptible to a DoS vulnerability. Affected are strongSwan versions 4.3.3 and newer, up to 5.1.1.

Mitigation
Install update from vendor's website.

Vulnerable software versions

strongSwan: 5.0.0 - 5.1.1

---

External links
http://lists.opensuse.org/opensuse-updates/2014-05/msg00064.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00066.html
http://secunia.com/advisories/59864
http://www.debian.org/security/2014/dsa-2922
http://www.securityfocus.com/bid/67212
http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.