The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Openswan

computer vulnerability announce 28737

Openswan: memory leak

Synthesis of the vulnerability

An attacker can create a memory leak of Openswan, in order to trigger a denial of service.
Impacted products: Openswan.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 13/03/2019.
Identifiers: VIGILANCE-VUL-28737.

Description of the vulnerability

An attacker can create a memory leak of Openswan, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2018-15836

Openswan: information disclosure via RSA Padding Attack

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via RSA Padding Attack of Openswan, in order to obtain sensitive information.
Impacted products: Openswan.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 27/08/2018.
Identifiers: CVE-2018-15836, VIGILANCE-VUL-27078.

Description of the vulnerability

An attacker can bypass access restrictions to data via RSA Padding Attack of Openswan, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-3240

Openswan: denial of service via IKE Diffie-Hellman

Synthesis of the vulnerability

An attacker can send a malicious IKE packet, to force an assertion error in a DH computation by Openswan, in order to trigger a denial of service.
Impacted products: Openswan, RHEL.
Severity: 3/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 28/08/2015.
Identifiers: CVE-2015-3240, RHSA-2015:1979-01, VIGILANCE-VUL-17774.

Description of the vulnerability

The Openswan product can be compiled with NSS.

The NSS library performs exponentiation computations for Diffie-Hellman.

When Openswan receives an IKE packet with g^x set to zero, it asks NSS to perform the next exponentiation. As NSS cannot perform this operation on zero, it returns NULL. However, Openswan does when not expect this case, and calls passert(), so an assertion error occurs, which stops the process.

An attacker can therefore send a malicious IKE packet, to force an assertion error in a DH computation by Openswan, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert 16951

TLS, SSH, VPN: weakening Diffie-Hellman via common primes

Synthesis of the vulnerability

An attacker, located as a Man-in-the-Middle, can obtain the DH keys used by the TLS/SSH/VPN client/server, in order to more easily capture or alter exchanged data.
Impacted products: Apache httpd, AnyConnect VPN Client, IVE OS, Juniper SA, lighttpd, nginx, OpenSSH, OpenSSL, Openswan, Postfix, SSL protocol, Sendmail.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 20/05/2015.
Identifiers: VIGILANCE-VUL-16951.

Description of the vulnerability

The Diffie-Hellman algorithm is used to exchange cryptographic keys. It is used by TLS, SSH and VPNs (IPsec).

Most servers use the same prime numbers (standardized in RFC 3526). An attacker can thus pre-compute values (100000 core CPU hours, so during a week for 512 bits with 100 computers approximately) and use the "number field sieve discrete log algorithm" attack to quickly obtain the used DH keys, and decrypt a session.

The 512 bits sets are considered as broken, and the 1024 bits sets are considered as breakable by a state.

For TLS, this vulnerability can be exploited after Logjam (VIGILANCE-VUL-16950).

An attacker, located as a Man-in-the-Middle, can therefore obtain the DH keys used by the TLS/SSH/VPN client/server, in order to more easily capture or alter exchanged data.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2014-2037

Openswan: NULL pointer dereference via IKEv2

Synthesis of the vulnerability

An attacker can dereference a NULL pointer via IKEv2 in Openswan, in order to trigger a denial of service.
Impacted products: Openswan.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 18/02/2014.
Identifiers: BID-65629, CVE-2014-2037, VIGILANCE-VUL-14270.

Description of the vulnerability

The Openswan product uses the IKEv2 protocol to exchange information about keys.

However, a function decoding the IKEv2 packet does not check if a pointer is NULL, before using it.

An attacker can therefore dereference a NULL pointer via IKEv2 in Openswan, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2013-6466 CVE-2013-6467

Libreswan, Openswan: NULL pointer dereference via IKEv2

Synthesis of the vulnerability

An attacker can dereference a NULL pointer via IKEv2 in Libreswan or Openswan, in order to trigger a denial of service.
Impacted products: Debian, Fedora, Openswan, RHEL, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/01/2014.
Identifiers: BID-65155, CVE-2013-6466, CVE-2013-6467, DSA-2893-1, FEDORA-2014-1092, FEDORA-2014-1121, RHSA-2014:0185-01, VIGILANCE-VUL-14149.

Description of the vulnerability

The Libreswan and Openswan products use the IKEv2 protocol to exchange information about keys.

However, a function decoding the IKEv2 packet does not check if a pointer is NULL, before using it.

An attacker can therefore dereference a NULL pointer via IKEv2 in Libreswan or Openswan, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2013-2053

Openswan: buffer overflow of atodn

Synthesis of the vulnerability

When Opportunistic Encryption is enabled ("oe=yes"), an attacker can generate a buffer overflow in Openswan, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Openswan, RHEL, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 15/05/2013.
Identifiers: BID-59838, CVE-2013-2053, DSA-2893-1, MDVSA-2013:231, RHSA-2013:0827-01, SUSE-SU-2013:1150-1, VIGILANCE-VUL-12828.

Description of the vulnerability

When Opportunistic Encryption is enabled ("oe=yes"), the IKE pluto daemon queries DNS TXT records, in order to obtain public keys.

These records contain the name of the IPsec gateway. This name is transmitted to the atoid() function, then to atodn(). However, the atodn() function stores the name in a array of three bytes. An overflow thus occurs.

In order to exploit this vulnerability, the attacker has to ask to connect to an IP address for which he can spoof a reverse DNS TXT reply.

An attacker can therefore generate a buffer overflow in Openswan, in order to trigger a denial of service, and possibly to execute code.

This vulnerability has the same origin as VIGILANCE-VUL-12827 and VIGILANCE-VUL-12829.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2011-4073

Openswan: denial of service via Crypto Helper

Synthesis of the vulnerability

When Openswan uses a Crypto Helper, a remote attacker can interrupt an IKE session, in order to stop the pluto daemon.
Impacted products: Debian, Fedora, Openswan, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 02/11/2011.
Identifiers: BID-50440, CVE-2011-4073, DSA-2374-1, FEDORA-2011-15077, FEDORA-2011-15127, FEDORA-2011-15196, MDVSA-2013:231, RHSA-2011:1422-01, SUSE-SU-2011:1310-1, SUSE-SU-2011:1311-1, VIGILANCE-VUL-11112.

Description of the vulnerability

The pluto IKE daemon of Openswan can be configured with Crypto Helpers, which do cryptographic tasks in distinct processes, so the daemon is not slowed down.

A client can connect to the daemon and do an ISAKMP Phase 1 authentication. The phase 2 is then done by a Crypto Helper. However, if the client interrupts his session, the results of the Crypto Helper uses the qke_continuation pointer which points to a recently freed memory area. The memory is thus corrupted by the result of the Crypto Helper.

When Openswan uses a Crypto Helper, a remote attacker can therefore interrupt an IKE session, in order to stop the pluto daemon.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2011-3380

Openswan: denial of service via KEY_LENGTH

Synthesis of the vulnerability

An attacker can send an ISAKMP message with an invalid KEY_LENGTH attribute, in order to restart Openswan.
Impacted products: Fedora, Openswan, RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 05/10/2011.
Identifiers: BID-49984, CVE-2011-3380, FEDORA-2011-13862, FEDORA-2011-13864, RHSA-2011:1356-01, VIGILANCE-VUL-11038.

Description of the vulnerability

The Openswan IKE Pluto daemon manages ISAKMP messages, which can be received from IP addresses allowed in the policy.

When an ISAKMP message contains an invalid KEY_LENGTH attribute, the ike_alg_enc_ok() function of file programs/pluto/ike_alg.c detects the error, and then stores an error message at the address indicated by the "errp" pointer.

However, the parse_isakmp_sa_body() function uses a NULL "errp" pointer. The ike_alg_enc_ok() function then dereferences this NULL pointer, which stops the daemon.

An attacker can therefore send an ISAKMP message with an invalid KEY_LENGTH attribute, in order to restart Openswan.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2010-3302 CVE-2010-3308 CVE-2010-3752

Openswan: buffer overflow of client via XAUTH Cisco

Synthesis of the vulnerability

An attacker can invite the victim to connect to a malicious gateway with XAUTH Cisco, in order to execute code on his computer.
Impacted products: Fedora, Openswan, RHEL.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/09/2010.
Identifiers: BID-43588, CVE-2010-3302, CVE-2010-3308, CVE-2010-3752, CVE-2010-3753, FEDORA-2010-15381, FEDORA-2010-15508, FEDORA-2010-15516, RHSA-2010:0892-01, VIGILANCE-VUL-9979.

Description of the vulnerability

The Openswan client can be configured to connect to a Cisco compatible gateway with XAUTH. The configuration thus contains "*xauthclient=yes" and "remote_peer_type=cisco". In this configuration, the Openswan client is impacted by two vulnerabilities.

The gateway can send long cisco_dns_info and cisco_domain_info fields, in order to generate a buffer overflow in the Openswan client. [severity:3/4; CVE-2010-3302, CVE-2010-3752]

The gateway can send a long cisco_banner field, in order to generate a buffer overflow in the Openswan client. [severity:3/4; CVE-2010-3308, CVE-2010-3753]

An attacker can therefore invite the victim to connect to a malicious gateway with XAUTH Cisco, in order to execute code on his computer.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Openswan: