[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: two denial of service bugs in
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-06-06 17:45:54
Message-ID: Pine.GSO.4.51.0906061345480.28142 () faron ! mitre ! org
[Download RAW message or body]


======================================================
Name: CVE-2009-1957
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1957
Reference: CONFIRM:http://download.strongswan.org/CHANGES4.txt
Reference: CONFIRM:http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.patch
                
Reference: CONFIRM:http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme


charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1
allows remote attackers to cause a denial of service (NULL pointer
dereference and crash) via an invalid IKE_SA_INIT request that
triggers "an incomplete state," followed by a CREATE_CHILD_SA request.


======================================================
Name: CVE-2009-1958
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1958
Reference: CONFIRM:http://download.strongswan.org/CHANGES4.txt
Reference: CONFIRM:http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.patch
                
Reference: CONFIRM:http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme


charon/sa/tasks/child_create.c in the charon daemon in strongSWAN
before 4.3.1 switches the NULL checks for TSi and TSr payloads, which
allows remote attackers to cause a denial of service via an IKE_AUTH
request without a (1) TSi or (2) TSr traffic selector.


[prev in list] [next in list] [prev in thread] [next in thread]