Xelerance Openswan vulnerabilities

15 known vulnerabilities affecting xelerance/openswan.

Total CVEs: 15
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 12

Vulnerabilities

CVE-2018-15836 | HIGH | CVSS 7.5 | CWE-347 | fixed in 2.6.50.1 | 2018-09-26
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are
Source: NVD

CVE-2014-2037 | MEDIUM | CVSS 5.0 | CWE-20 | v2.6.40 | 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6466.
Source: NVD

CVE-2013-6466 | MEDIUM | CVSS 5.0 | ≤ 2.6.39 | v2.3.0 +72 more | 2014-01-26
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
Source: NVD

CVE-2013-2053 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 2.6.38 | v2.6.01 +36 more | 2013-07-09
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2
Source: NVD

CVE-2011-4073 | MEDIUM | CVSS 4.0 | CWE-399 | v2.3.0, v2.3.1 +69 more | 2011-11-17
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Source: NVD

CVE-2011-3380 | MEDIUM | CVSS 5.0 | v2.6.29, v2.6.30 +5 more | 2011-11-17
Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.
Source: NVD

CVE-2010-3308 | MEDIUM | CVSS 6.5 | CWE-94 | v2.6.26, v2.6.27 +1 more | 2010-10-05
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field.
Source: NVD

CVE-2010-3302 | MEDIUM | CVSS 6.5 | CWE-119 | v2.6.25, v2.6.26 +2 more | 2010-10-05
Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
Source: NVD

CVE-2010-3753 | MEDIUM | CVSS 6.5 | v2.6.26, v2.6.27 +1 more | 2010-10-05
programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.
Source: NVD

CVE-2010-3752 | MEDIUM | CVSS 6.5 | v2.6.25, v2.6.26 +2 more | 2010-10-05
programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
Source: NVD

CVE-2009-2185 | MEDIUM | CVSS 5.0 | CWE-20 | v2.4.0, v2.4.1 +24 more | 2009-06-25
The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relativ
Source: NVD

CVE-2009-0790 | MEDIUM | CVSS 5.0 | CWE-20 | v2.4.0, v2.4.1 +24 more | 2009-04-01
The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NU
Source: NVD

CVE-2008-4190 | MEDIUM | CVSS 4.4 | PoC | CWE-59 | v2.3.1, v2.4.0 +16 more | 2008-09-24
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files. NOTE: in many distributions and the upstream version, this tool has been disabled.
Source: NVD

CVE-2005-3671 | HIGH | CVSS 7.8 | v2.4.0 | 2005-11-18
The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrat
Source: NVD

CVE-2005-0162 | HIGH | CVSS 7.2 | v2.3.0 | 2005-01-26
Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.
Source: NVD