Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:273 (strongswan)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66030

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:273 (strongswan)

Resumen: The remote host is missing an update to strongswan;announced via advisory MDVSA-2009:273.

Descripción: Summary:
The remote host is missing an update to strongswan
announced via advisory MDVSA-2009:273.

Vulnerability Insight:
A vulnerability has been found and corrected in strongswan:

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c,
libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10,
4.2 before 4.2.16, and 4.3 before 4.3.2, and (b) openSwan 2.6 before
2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial
of service (pluto IKE daemon crash) via an X.509 certificate with (1)
crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME
string, or (3) a crafted GENERALIZEDTIME string (CVE-2009-2185).

This update fixes this vulnerability.

Affected: Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-2185
BugTraq ID: 35452
http://www.securityfocus.com/bid/35452
Debian Security Information: DSA-1898 (Google Search)
http://www.debian.org/security/2009/dsa-1898
Debian Security Information: DSA-1899 (Google Search)
http://www.debian.org/security/2009/dsa-1899
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
http://www.redhat.com/support/errata/RHSA-2009-1138.html
http://www.securitytracker.com/id?1022428
http://secunia.com/advisories/35522
http://secunia.com/advisories/35698
http://secunia.com/advisories/35740
http://secunia.com/advisories/35804
http://secunia.com/advisories/36922
http://secunia.com/advisories/36950
http://secunia.com/advisories/37504
http://www.vupen.com/english/advisories/2009/1639
http://www.vupen.com/english/advisories/2009/1706
http://www.vupen.com/english/advisories/2009/1829
http://www.vupen.com/english/advisories/2009/3354

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66030
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:273 (strongswan)
Resumen:	The remote host is missing an update to strongswan;announced via advisory MDVSA-2009:273.
Descripción:	Summary: The remote host is missing an update to strongswan announced via advisory MDVSA-2009:273. Vulnerability Insight: A vulnerability has been found and corrected in strongswan: The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2, and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string (CVE-2009-2185). This update fixes this vulnerability. Affected: Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2185 BugTraq ID: 35452 http://www.securityfocus.com/bid/35452 Debian Security Information: DSA-1898 (Google Search) http://www.debian.org/security/2009/dsa-1898 Debian Security Information: DSA-1899 (Google Search) http://www.debian.org/security/2009/dsa-1899 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079 http://www.redhat.com/support/errata/RHSA-2009-1138.html http://www.securitytracker.com/id?1022428 http://secunia.com/advisories/35522 http://secunia.com/advisories/35698 http://secunia.com/advisories/35740 http://secunia.com/advisories/35804 http://secunia.com/advisories/36922 http://secunia.com/advisories/36950 http://secunia.com/advisories/37504 http://www.vupen.com/english/advisories/2009/1639 http://www.vupen.com/english/advisories/2009/1706 http://www.vupen.com/english/advisories/2009/1829 http://www.vupen.com/english/advisories/2009/3354
Copyright	Copyright (C) 2009 E-Soft Inc.