Published: 02/11/2013 Updated: 21/11/2013

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The compare_dn function in utils/identification.c in strongSwan 4.3.3 up to and including 5.1.1 allows (1) remote malicious users to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.

Vulnerable Product	Search on Vulmon	Subscribe to Product
strongswan strongswan 4.3.6
strongswan strongswan 4.3.7
strongswan strongswan 4.4.0
strongswan strongswan 4.4.1
strongswan strongswan 4.5.0
strongswan strongswan 5.0.4
strongswan strongswan 5.1.0
strongswan strongswan 4.3.4
strongswan strongswan 4.5.1
strongswan strongswan 4.5.3
strongswan strongswan 5.0.1
strongswan strongswan 5.0.3
strongswan strongswan 4.6.1
strongswan strongswan 4.6.2
strongswan strongswan 4.6.3
strongswan strongswan 4.6.4
strongswan strongswan 4.3.3
strongswan strongswan 4.3.5
strongswan strongswan 4.5.2
strongswan strongswan 4.6.0
strongswan strongswan 5.0.0
strongswan strongswan 5.0.2

A vulnerability has been found in the ASN1 parser of strongSwan, an IKE daemon used to establish IPsec protected links By sending a crafted ID_DER_ASN1_DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a denial of service (daemon crash) or an authorization bypass (impersonating a different user, potentially ...

CWE-119 http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html http://www.debian.org/security/2012/dsa-2789 https://nvd.nist.gov https://www.debian.org/security/./dsa-2789

CVE-2013-6075

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect