oss-sec mailing list archives
Re: CVE request: two denial of service bugs in strongswan
From: "Steven M. Christey" <coley () linus mitre org>
Date: Sat, 6 Jun 2009 13:45:54 -0400 (EDT)
====================================================== Name: CVE-2009-1957 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1957 Reference: CONFIRM:http://download.strongswan.org/CHANGES4.txt Reference: CONFIRM:http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch Reference: CONFIRM:http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request. ====================================================== Name: CVE-2009-1958 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1958 Reference: CONFIRM:http://download.strongswan.org/CHANGES4.txt Reference: CONFIRM:http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch Reference: CONFIRM:http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.
Current thread:
- CVE request: two denial of service bugs in strongswan Thomas Biege (Jun 02)
- Re: CVE request: two denial of service bugs in strongswan Steven M. Christey (Jun 06)