[<prev] [next>] [<thread-prev] [month] [year] [list]
Date: Sat, 6 Jun 2009 13:45:54 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: OSS-Security Mailinglist <oss-security@...ts.openwall.com>
Subject: Re: CVE request: two denial of service bugs in
strongswan
======================================================
Name: CVE-2009-1957
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1957
Reference: CONFIRM:http://download.strongswan.org/CHANGES4.txt
Reference: CONFIRM:http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch
Reference: CONFIRM:http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1
allows remote attackers to cause a denial of service (NULL pointer
dereference and crash) via an invalid IKE_SA_INIT request that
triggers "an incomplete state," followed by a CREATE_CHILD_SA request.
======================================================
Name: CVE-2009-1958
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1958
Reference: CONFIRM:http://download.strongswan.org/CHANGES4.txt
Reference: CONFIRM:http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch
Reference: CONFIRM:http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN
before 4.3.1 switches the NULL checks for TSi and TSr payloads, which
allows remote attackers to cause a denial of service via an IKE_AUTH
request without a (1) TSi or (2) TSr traffic selector.
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ