On Mon, 9 Mar 2009, Robert Buchholz wrote:
> Subject: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation
Once again, thanks to everyone for not contacting the Openswan Project
in this matter just like they did not do this 6 months ago when this
"vulnerability" came out originally.
> Severity: Normal
> Title: Openswan: Insecure temporary file creation
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Openswan: Denial of Service
Date: September 09, 2009
Bugs: #264346, #275233
ID: 200909-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hello Paul,
On Monday 09 March 2009, Paul Wouters wrote:
> On Mon, 9 Mar 2009, Robert Buchholz wrote:
> > Subject: [ GLSA 200903-18 ] Openswan: Insecure temporary file
> > creation
>
> Once again, thanks to everyone for not contacting the Openswan
> Project in this matter just like they did not do this 6 months ago
> when this "vulnerability" came out originally.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Openswan: Insecure temporary file creation
Date: March 09, 2009
Bugs: #238574
ID: 200903-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
==========================================================================
Openswan & Strongswan Security Notification March 30, 2009
Remote DoS Vulnerability in Openswan & Strongswan IPsec
CVE-2009-0790
==========================================================================
A vulnerability in the Dead Peer Detection (RFC-3706) code was found by
Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
Debian Security Advisory DSA-1760-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
March 30, 2009 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : openswan
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-4190 CVE-2009-0790
Debian Bug : 496374
Debian Security Advisory DSA-1898-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
October 02, 2009 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : openswan
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-2185
It was discovered that the pluto daemon in the openswan, an
A vulnerability has been found and corrected in strongswan:
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c,
libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10,
4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before
2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial
of service (pluto IKE daemon crash) via an X.509 certificate with (1)
crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME
string, or (3) a crafted GENERALIZEDTIME string (CVE-2009-2185).