Debian Strongswan vulnerabilities
39 known vulnerabilities affecting debian/strongswan.
Total CVEs: 39
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 14, MEDIUM 17, LOW 4
Vulnerabilities
Page 2 of 2
CVE-2015-3991 [CRITICAL] | CVSS 9.8 | fixed in strongswan 5.3.0-2 (bookworm) | 2015
strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.
Scope: local
bookworm: resolved (fixed in 5.3.0-2)
bullseye: resolved (fixed in 5.3.0-2)
forky: resolved (fixed in 5.3.0-2)
sid: resolved (fixed in 5.3.0-2)
trixie: resolved (fixed in 5.3.0-2)
debian
CVE-2015-8023 [MEDIUM] | CVSS 5.0 | fixed in strongswan 5.3.3-3 (bookworm) | 2015
The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.
Scope: local
bookworm: resolved (fixed in 5.3.3-3)
bullseye: resolve
debian
CVE-2015-4171 [LOW] | CVSS 2.6 | fixed in strongswan 5.3.1-1 (bookworm) | 2015
strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the respons
debian
CVE-2014-2891 [MEDIUM] | CVSS 5.0 | ≤ 5.1.2 | 2014-05-07
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
nvd, debian
CVE-2014-9221 [MEDIUM] | CVSS 5.0 | fixed in strongswan 5.2.1-5 (bookworm) | 2014
strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.
Scope: local
bookworm: resolved (fixed in 5.2.1-5)
bullseye: resolved (fixed in 5.2.1-5)
forky: resolved (fixed in 5.2.1-5)
sid: resolved (fixed in 5.2.1-5
debian
CVE-2014-2338 [MEDIUM] | CVSS 6.4 | fixed in strongswan 5.1.2-4 (bookworm) | 2014
IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.
Scope: local
bookworm: resolved (fixed in 5.1.2-4)
bullseye: resolved (fixed in 5.1.2-4)
forky: resolved (fixed in 5.1.2-4)
sid: resolved (fixed in 5
debian
CVE-2013-6075 [MEDIUM] | CVSS 5.0 | fixed in strongswan 5.1.0-3 (bookworm) | 2013
The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient le
debian
CVE-2013-2054 [MEDIUM] | CVSS 6.8 | fixed in strongswan 4.3.4-1 (bookworm) | 2013
Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.
debian
CVE-2013-6076 [MEDIUM] | CVSS 5.0 | fixed in strongswan 5.1.0-3 (bookworm) | 2013
strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.
Scope: local
bookworm: resolved (fixed in 5.1.0-3)
bullseye: resolved (fixed in 5.1.0-3)
forky: resolved (fixed in 5.1.0-3)
sid: resolved (fixed in 5.1.0-3)
trixie: resolved (fixed in 5.1.
debian
CVE-2013-2944 [MEDIUM] | CVSS 4.9 | fixed in strongswan 4.6.4-7 (bookworm) | 2013
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
Scope: local
bookworm: resolved (fixed in 4.6.4-7)
bullseye: resolved (fixed in 4.6.4-7)
forky: resolved (fixed in 4.6.4-7)
sid: resolved (fixed in 4.6.4-7)
trixie: resolved (fixed in 4.6.
debian
CVE-2013-5018 [LOW] | CVSS 4.3 | 2013
CVE-2013-5018 [MEDIUM] CVE-2013-5018: strongswan - The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly valida...
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that
debian
CVE-2012-2388 [HIGH] | CVSS 7.5 | fixed in strongswan 4.5.2-1.4 (bookworm) | 2012
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."
Scope: local
bookworm: resolved (fixed in 4.5.2-1.4)
bullseye: resolved (fixed in 4.5.2-1.4)
forky: resolved (fixed in 4.5.2-1.4)
sid: resolved (fixed in 4.5.2-1.4)
trixie: res
debian
CVE-2010-2628 [HIGH] | CVSS 7.5 | fixed in strongswan 4.4.1-1 (bookworm) | 2010
The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
Scope: local
bookworm: resolved (fixed in 4.4.1-1)
bullseye: resolved (fixed in 4.4.1-1)
forky: re
debian
CVE-2009-1958 [MEDIUM] | CVSS 5.0 | fixed in strongswan 4.2.14-1.1 (bookworm) | 2009
charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.
Scope: local
bookworm: resolved (fixed in 4.2.14-1.1)
bullseye: resolved (fixed in 4.2.14-1.1)
forky: res
debian
CVE-2009-1957 [MEDIUM] | CVSS 5.0 | fixed in strongswan 4.2.14-1.1 (bookworm) | 2009
charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.
Scope: local
bookworm: resolved (fixed in 4.2.14-1.1)
bullseye: resolved (fixed in 4.2.14-1.1)
fo
debian
CVE-2009-0790 [MEDIUM] | CVSS 5.0 | fixed in strongswan 4.2.14-1 (bookworm) | 2009
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer
debian
CVE-2009-2185 [MEDIUM] | CVSS 5.0 | fixed in strongswan 4.2.14-1.2 (bookworm) | 2009
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distingu
debian
CVE-2009-2661 [MEDIUM] | CVSS 5.0 | fixed in strongswan 4.3.2-1.1 (bookworm) | 2009
The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.
Scope
debian
CVE-2008-4551 [MEDIUM] | CVSS 5.0 | fixed in strongswan 4.2.4-5 (bookworm) | 2008
strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).
Scope: local
bookworm: resolved (fixed in 4.2.4-
debian