Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Openswan
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Openswan
ID: MDVSA-2013:231
Distribution: Mandriva
Plattformen: Mandriva Enterprise Server 5.0
Datum: Do, 12. September 2013, 19:22
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2053
Applikationen: Openswan

Originalnachricht

This is a multi-part message in MIME format...

------------=_1378984878-3002-42

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:231
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : openswan
Date : September 12, 2013
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in openswan:

The IPSEC livetest tool in Openswan 2.4.12 and earlier, and
2.6.x through 2.6.16, allows local users to overwrite arbitrary
files and execute arbitrary code via a symlink attack on the (1)
ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE:
in many distributions and the upstream version, this tool has been
disabled (CVE-2008-4190).

The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21
and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before
2.8.9, allows remote attackers to cause a denial of service (daemon
crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK
Dead Peer Detection (DPD) IPsec IKE Notification message that triggers
a NULL pointer dereference related to inconsistent ISAKMP state and
the lack of a phase2 state association in DPD (CVE-2009-0790).

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c,
libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10,
4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before
2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial
of service (pluto IKE daemon crash) via an X.509 certificate with (1)
crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME
string, or (3) a crafted GENERALIZEDTIME string (CVE-2009-2185).

Use-after-free vulnerability in the cryptographic helper handler
functionality in Openswan 2.3.0 through 2.6.36 allows remote
authenticated users to cause a denial of service (pluto IKE daemon
crash) via vectors related to the (1) quick_outI1_continue and (2)
quick_outI1 functions (CVE-2011-4073).

Buffer overflow in the atodn function in Openswan before 2.6.39,
when Opportunistic Encryption is enabled and an RSA key is being
used, allows remote attackers to cause a denial of service (pluto IKE
daemon crash) and possibly execute arbitrary code via crafted DNS TXT
records. NOTE: this might be the same vulnerability as CVE-2013-2052
and CVE-2013-2054 (CVE-2013-2053).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2053
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
2596b7d865d78472fe5b88657f79731e
mes5/i586/openswan-2.6.16-1.1mdvmes5.2.i586.rpm
631e3fb722ca66a7abf7931632977459
mes5/i586/openswan-doc-2.6.16-1.1mdvmes5.2.i586.rpm
77873db1e0ff1bad0873896bb98bbaea
mes5/SRPMS/openswan-2.6.16-1.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
9f41766ae39be4d95ad267ac4c9f76dd
mes5/x86_64/openswan-2.6.16-1.1mdvmes5.2.x86_64.rpm
788a2afca1e8cc38ca7eb9e1c146c573
mes5/x86_64/openswan-doc-2.6.16-1.1mdvmes5.2.x86_64.rpm
77873db1e0ff1bad0873896bb98bbaea
mes5/SRPMS/openswan-2.6.16-1.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFSMXa3mqjQ0CJFipgRArf7AKDRd3G09pBWMkDmXQBVLsIyICg4TACfYdkC
8X4IyuSYdIn4Q688lB08ZMs=
=LfBS
-----END PGP SIGNATURE-----


------------=_1378984878-3002-42
Content-Type: text/plain; charset="UTF-8";
name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://store.mandriva.com
_______________________________________________________


------------=_1378984878-3002-42--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung