|Category:||Debian Local Security Checks|
|Title:||Debian Security Advisory DSA 1760-1 (openswan)|
|Summary:||Debian Security Advisory DSA 1760-1 (openswan)|
The remote host is missing an update to openswan
announced via advisory DSA 1760-1.
Two vulnerabilities have been discovered in openswan, an IPSec
implementation for linux. The Common Vulnerabilities and Exposures
project identifies the following problems:
Dmitry E. Oboukhov discovered that the livetest tool is using temporary
files insecurely, which could lead to a denial of service attack.
Gerd v. Egidy discovered that the Pluto IKE daemon in openswan is prone
to a denial of service attack via a malicious packet.
For the stable distribution (lenny), this problem has been fixed in
For the oldstable distribution (etch), this problem has been fixed in
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.
We recommend that you upgrade your openswan packages.
Common Vulnerability Exposure (CVE) ID: CVE-2008-4190|
Bugtraq: 20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation (Google Search)
Debian Security Information: DSA-1760 (Google Search)
BugTraq ID: 31243
XForce ISS Database: openswan-livetest-symlink(45250)
Common Vulnerability Exposure (CVE) ID: CVE-2009-0790
Bugtraq: 20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec (Google Search)
Debian Security Information: DSA-1759 (Google Search)
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
BugTraq ID: 34296
XForce ISS Database: openswan-strongswan-dpd-dos(49523)
|Copyright||Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.