English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 92446 CVE descriptions
and 51095 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63711
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:0402
Summary:Redhat Security Advisory RHSA-2009:0402
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2009:0402.

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in
Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD
packet to crash the pluto daemon. (CVE-2009-0790)

It was discovered that Openswan's livetest script created temporary files
in an insecure manner. A local attacker could use this flaw to overwrite
arbitrary files owned by the user running the script. (CVE-2008-4190)

Note: The livetest script is an incomplete feature and was not
automatically executed by any other script distributed with Openswan, or
intended to be used at all, as was documented in its man page. In these
updated packages, the script only prints an informative message and exits
immediately when run.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0402.html
http://www.redhat.com/security/updates/classification/#important

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-4190
Bugtraq: 20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501624/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/501640/100/0/threaded
http://www.milw0rm.com/exploits/9135
http://www.openwall.com/lists/oss-security/2008/10/30/2
Debian Security Information: DSA-1760 (Google Search)
http://www.debian.org/security/2009/dsa-1760
http://www.redhat.com/support/errata/RHSA-2009-0402.html
BugTraq ID: 31243
http://www.securityfocus.com/bid/31243
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10078
http://secunia.com/advisories/34182
http://secunia.com/advisories/34472
XForce ISS Database: openswan-livetest-symlink(45250)
http://xforce.iss.net/xforce/xfdb/45250
Common Vulnerability Exposure (CVE) ID: CVE-2009-0790
Bugtraq: 20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502270/100/0/threaded
Debian Security Information: DSA-1759 (Google Search)
http://www.debian.org/security/2009/dsa-1759
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
BugTraq ID: 34296
http://www.securityfocus.com/bid/34296
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11171
http://www.securitytracker.com/id?1021949
http://www.securitytracker.com/id?1021950
http://secunia.com/advisories/34483
http://secunia.com/advisories/34494
http://secunia.com/advisories/34546
http://www.vupen.com/english/advisories/2009/0886
XForce ISS Database: openswan-strongswan-dpd-dos(49523)
http://xforce.iss.net/xforce/xfdb/49523
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 51095 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.