Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability note CVE-2009-2185

Openswan, strongSwan: denials of service of ASN.1

Synthesis of the vulnerability

An attacker can send malformed ASN.1 data in order to stop Openswan or strongSwan.
Severity: 2/4.
Creation date: 22/06/2009.
Revision date: 23/06/2009.

Impacted products

Description of the vulnerability

The Openswan/strongSwan product implements IPsec for Linux. The ASN.1 format is used by X.509 certificates.

A RDN (Relative Distinguished Name) indicates the unique name of an object in a local context. ASN.1 decoding functions do not check the size of the RDN. An attacker can therefore use a malicious RDN in order to generate a denial of service and possibly to execute code. [severity:2/4; >]

The ASN.1 UTCTIME and GENERALIZEDTIME types represent a date as a string such as "19991231235959" or "19991231235959.999". Decoding functions use sscanf() to analyze the string. However, the return code of sscanf() is not checked. A malicious string thus generates a fatal error. [severity:2/4; >]

An attacker can therefore send malformed ASN.1 data in order to stop Openswan or strongSwan.

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

Openswan, strongSwan: denials of service of ASN.1

Characteristics

Title: Openswan, strongSwan: denials of service of ASN.1.
Keywords: 509 999 19991231235959 ASN Distinguished GENERALIZEDTIME IPsec Linux Name Openswan RDN Relative UTCTIME denials service strongSwan.
Identifiers: BID-35452, CVE-2009-2185, DSA 1898-1, DSA-1899-1, FEDORA-2009-7423, FEDORA-2009-7478, MDVSA-2009:273, RHSA-2009:1138-01, SUSE-SR:2009:013, VIGILANCE-VUL-8814.

Information sources

Publications and announces
Source example: Changelog strongswan-4.3.2

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : asn1_rdn_patch

A RDN (Relative Distinguished Name) indicates the unique name of an object in a local context. ASN.1 decoding functions do not check the size of the RDN. An attacker can therefore use a malicious RDN in order to generate a denial of service and possibly to execute code.
Severity: 2/4.
Publications and announces

Vulnerability : asn1_time_patch

The ASN.1 UTCTIME and GENERALIZEDTIME types represent a date as a string such as "19991231235959" or "19991231235959.999". Decoding functions use sscanf() to analyze the string. However, the return code of sscanf() is not checked. A malicious string thus generates a fatal error.
Severity: 2/4.
Publications and announces

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities announce. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française