var-201401-0259
Vulnerability from variot
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue to restart the application, resulting in a denial-of-service condition to legitimate users. Openswan 2.6.39 and prior are vulnerable.
CVE-2013-2053
During an audit of Libreswan (with which Openswan shares some code),
Florian Weimer found a remote buffer overflow in the atodn()
function. This vulnerability can be triggered when Opportunistic
Encryption (OE) is enabled and an attacker controls the PTR record
of a peer IP address.
Authentication is not needed to trigger the vulnerability.
CVE-2013-6466
Iustina Melinte found a vulnerability in Libreswan which also
applies to the Openswan code. By carefuly crafting IKEv2 packets, an
attacker can make the pluto daemon derefeences non-received IKEv2
payload, leading to the daemon crash.
Authentication is not needed to trigger the vulnerability.
Patches were originally written to fix the vulnerabilities in Libreswan, and have been ported to Openswan by Paul Wouters from the Libreswan Project.
Since the Openswan package is not maintained anymore in the Debian distribution and is not available in testing and unstable suites, it is recommended for IKE/IPsec users to switch to a supported implementation like strongSwan.
For the oldstable distribution (squeeze), these problems have been fixed in version 2.6.28+dfsg-5+squeeze2.
For the stable distribution (wheezy), these problems have been fixed in version 2.6.37-3.1.
We recommend that you upgrade your openswan packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: openswan security update Advisory ID: RHSA-2014:0185-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0185.html Issue date: 2014-02-18 CVE Names: CVE-2013-6466 =====================================================================
- Summary:
Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. (CVE-2013-6466)
All openswan users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1050277 - CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm
i386: openswan-2.6.32-7.3.el5_10.i386.rpm openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm openswan-doc-2.6.32-7.3.el5_10.i386.rpm
x86_64: openswan-2.6.32-7.3.el5_10.x86_64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm
i386: openswan-2.6.32-7.3.el5_10.i386.rpm openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm openswan-doc-2.6.32-7.3.el5_10.i386.rpm
ia64: openswan-2.6.32-7.3.el5_10.ia64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.ia64.rpm openswan-doc-2.6.32-7.3.el5_10.ia64.rpm
ppc: openswan-2.6.32-7.3.el5_10.ppc.rpm openswan-debuginfo-2.6.32-7.3.el5_10.ppc.rpm openswan-doc-2.6.32-7.3.el5_10.ppc.rpm
s390x: openswan-2.6.32-7.3.el5_10.s390x.rpm openswan-debuginfo-2.6.32-7.3.el5_10.s390x.rpm openswan-doc-2.6.32-7.3.el5_10.s390x.rpm
x86_64: openswan-2.6.32-7.3.el5_10.x86_64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
ppc64: openswan-2.6.32-27.2.el6_5.ppc64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm
s390x: openswan-2.6.32-27.2.el6_5.s390x.rpm openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm
x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm
ppc64: openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm openswan-doc-2.6.32-27.2.el6_5.ppc64.rpm
s390x: openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm openswan-doc-2.6.32-27.2.el6_5.s390x.rpm
x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm
i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm
x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2013-6466.html https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTA6D7XlSAg2UNWIIRAkO0AKCCIbfDJPZuuXS7U6rZU8/CimQlxwCeIPUb dpyjtxp6hcgn2NES8FPSOkw= =jFWA -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
Background
Openswan is an implementation of IPsec for Linux.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openswan <= 2.6.39-r1 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers.
Impact
A remote attacker could create a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Openswan. We recommend that users unmerge Openswan:
# emerge --unmerge "net-misc/openswan"
NOTE: The Gentoo developer(s) maintaining Openswan have discontinued support at this time. It may be possible that a new Gentoo developer will update Openswan at a later date. Alternatives packages such as Libreswan and strongSwan are currently available in Gentoo Portage.
References
[ 1 ] CVE-2013-6466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6466
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201411-07.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.06"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.17"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.0"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.09"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.13"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.14"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.18"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.21"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.13"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.08"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.9"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.3.0"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.28"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.20"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.24"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.07"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.0"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.33"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.12"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.19"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.31"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.04"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.03"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.35"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.05"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.04"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.32"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.11"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.14"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.8"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.12"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.4"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.29"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.07"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.01"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.16"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.27"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.2"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.23"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.7"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.6"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.30"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.25"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.16"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.13"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.01"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.06"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.11"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.3"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.15"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.10"
},
{
"model": "openswan",
"scope": "lte",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.39"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.1"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.36"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.17"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.3.1"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.08"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.02"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.02"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.22"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.10"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.18"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.34"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.03"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.37"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.38"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.5"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.4.11"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.12"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.15"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.26"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.10"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.6.05"
},
{
"model": "openswan",
"scope": "eq",
"trust": 1.0,
"vendor": "xelerance",
"version": "2.5.09"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.38"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.37"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.34"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.31"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.30"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.39"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.36"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.35"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.9,
"vendor": "openswan",
"version": "2.6.33"
},
{
"model": "openswan",
"scope": "lte",
"trust": 0.8,
"vendor": "openswan",
"version": "2.6.39"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.6,
"vendor": "openswan",
"version": "3.7"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.6,
"vendor": "openswan",
"version": "2.6.32"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "contact fl mguard smart2 vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard smart2 vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard smart2",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard smart2",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs4004 tx/dtx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs4004 tx/dtx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs4004 tx/dtx",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs4004 tx/dtx",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs4000 tx/tx-p",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs4000 tx/tx-p",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs4000 tx/tx vpn-m",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs4000 tx/tx vpn-m",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs4000 tx/tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs4000 tx/tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs4000 tx/tx",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs4000 tx/tx",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs2005 tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs2005 tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs2000 tx/tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs2000 tx/tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs vpn analog",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs vpn analog",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard rs",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard rs",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard pcie4000 vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard pcie4000 vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard pci4000 vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard pci4000 vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard pci4000",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard pci4000",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard gt/gt vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard gt/gt vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard gt/gt",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard gt/gt",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard delta tx/tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard delta tx/tx vpn",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard delta tx/tx",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard delta tx/tx",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "contact fl mguard centerport",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.1"
},
{
"model": "contact fl mguard centerport",
"scope": "eq",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.24"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.23"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.22"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.21"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.20"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.19"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.18"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.17"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.16"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.15"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.14"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.2"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.29"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.28"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.27"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.26"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.25"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.13"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.12"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.11"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.10"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.09"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.08"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.07"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.06"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.05"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.04"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.03"
},
{
"model": "openswan",
"scope": "eq",
"trust": 0.3,
"vendor": "openswan",
"version": "2.6.01"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53003.0"
},
{
"model": "aura application server sip core",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "53002.0"
},
{
"model": "contact fl mguard smart2 vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard smart2",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs4004 tx/dtx vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs4004 tx/dtx",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs4000 tx/tx-p",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs4000 tx/tx vpn-m",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs4000 tx/tx vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs4000 tx/tx",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs2005 tx vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs2000 tx/tx vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs vpn analog",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard rs",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard pcie4000 vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard pci4000 vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard pci4000",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard gt/gt vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard gt/gt",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard delta tx/tx vpn",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard delta tx/tx",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
},
{
"model": "contact fl mguard centerport",
"scope": "ne",
"trust": 0.3,
"vendor": "phoenix",
"version": "8.5.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"db": "BID",
"id": "65155"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
},
{
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:openswan:openswan",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Iustina Melinte",
"sources": [
{
"db": "BID",
"id": "65155"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6466",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2013-6466",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00690",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6466",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-6466",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-00690",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-547",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
},
{
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. \nAn attacker may exploit this issue to restart the application, resulting in a denial-of-service condition to legitimate users. \nOpenswan 2.6.39 and prior are vulnerable. \n\nCVE-2013-2053\n\n During an audit of Libreswan (with which Openswan shares some code),\n Florian Weimer found a remote buffer overflow in the atodn()\n function. This vulnerability can be triggered when Opportunistic\n Encryption (OE) is enabled and an attacker controls the PTR record\n of a peer IP address. \n Authentication is not needed to trigger the vulnerability. \n\nCVE-2013-6466\n\n Iustina Melinte found a vulnerability in Libreswan which also\n applies to the Openswan code. By carefuly crafting IKEv2 packets, an\n attacker can make the pluto daemon derefeences non-received IKEv2\n payload, leading to the daemon crash. \n Authentication is not needed to trigger the vulnerability. \n\nPatches were originally written to fix the vulnerabilities in Libreswan,\nand have been ported to Openswan by Paul Wouters from the Libreswan\nProject. \n\nSince the Openswan package is not maintained anymore in the Debian\ndistribution and is not available in testing and unstable suites, it is\nrecommended for IKE/IPsec users to switch to a supported implementation\nlike strongSwan. \n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 2.6.28+dfsg-5+squeeze2. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.6.37-3.1. \n\nWe recommend that you upgrade your openswan packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: openswan security update\nAdvisory ID: RHSA-2014:0185-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0185.html\nIssue date: 2014-02-18\nCVE Names: CVE-2013-6466 \n=====================================================================\n\n1. Summary:\n\nUpdated openswan packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenswan is a free implementation of Internet Protocol Security (IPsec) and\nInternet Key Exchange (IKE). IPsec uses strong cryptography to provide both\nauthentication and encryption services. These services allow you to build\nsecure tunnels through untrusted networks. (CVE-2013-6466)\n\nAll openswan users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1050277 - CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm\n\ni386:\nopenswan-2.6.32-7.3.el5_10.i386.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm\nopenswan-doc-2.6.32-7.3.el5_10.i386.rpm\n\nx86_64:\nopenswan-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-doc-2.6.32-7.3.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm\n\ni386:\nopenswan-2.6.32-7.3.el5_10.i386.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm\nopenswan-doc-2.6.32-7.3.el5_10.i386.rpm\n\nia64:\nopenswan-2.6.32-7.3.el5_10.ia64.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.ia64.rpm\nopenswan-doc-2.6.32-7.3.el5_10.ia64.rpm\n\nppc:\nopenswan-2.6.32-7.3.el5_10.ppc.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.ppc.rpm\nopenswan-doc-2.6.32-7.3.el5_10.ppc.rpm\n\ns390x:\nopenswan-2.6.32-7.3.el5_10.s390x.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.s390x.rpm\nopenswan-doc-2.6.32-7.3.el5_10.s390x.rpm\n\nx86_64:\nopenswan-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm\nopenswan-doc-2.6.32-7.3.el5_10.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-2.6.32-27.2.el6_5.i686.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\nopenswan-doc-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-2.6.32-27.2.el6_5.i686.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\n\nppc64:\nopenswan-2.6.32-27.2.el6_5.ppc64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm\n\ns390x:\nopenswan-2.6.32-27.2.el6_5.s390x.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm\n\nx86_64:\nopenswan-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\nopenswan-doc-2.6.32-27.2.el6_5.i686.rpm\n\nppc64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.ppc64.rpm\n\ns390x:\nopenswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm\nopenswan-doc-2.6.32-27.2.el6_5.s390x.rpm\n\nx86_64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-2.6.32-27.2.el6_5.i686.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm\n\ni386:\nopenswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm\nopenswan-doc-2.6.32-27.2.el6_5.i686.rpm\n\nx86_64:\nopenswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm\nopenswan-doc-2.6.32-27.2.el6_5.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-6466.html\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTA6D7XlSAg2UNWIIRAkO0AKCCIbfDJPZuuXS7U6rZU8/CimQlxwCeIPUb\ndpyjtxp6hcgn2NES8FPSOkw=\n=jFWA\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBackground\n==========\n\nOpenswan is an implementation of IPsec for Linux. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/openswan \u003c= 2.6.39-r1 Vulnerable!\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n\nImpact\n======\n\nA remote attacker could create a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nGentoo has discontinued support for Openswan. We recommend that users\nunmerge Openswan:\n\n # emerge --unmerge \"net-misc/openswan\"\n\nNOTE: The Gentoo developer(s) maintaining Openswan have discontinued\nsupport at this time. It may be possible that a new Gentoo developer\nwill update Openswan at a later date. Alternatives packages such as\nLibreswan and strongSwan are currently available in Gentoo Portage. \n\nReferences\n==========\n\n[ 1 ] CVE-2013-6466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6466\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201411-07.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6466"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"db": "BID",
"id": "65155"
},
{
"db": "PACKETSTORM",
"id": "125973"
},
{
"db": "PACKETSTORM",
"id": "125264"
},
{
"db": "PACKETSTORM",
"id": "129235"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6466",
"trust": 3.6
},
{
"db": "BID",
"id": "65155",
"trust": 2.5
},
{
"db": "CERT@VDE",
"id": "VDE-2017-001",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-250-02",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-00690",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "125973",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125264",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129235",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"db": "BID",
"id": "65155"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "PACKETSTORM",
"id": "125973"
},
{
"db": "PACKETSTORM",
"id": "125264"
},
{
"db": "PACKETSTORM",
"id": "129235"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
},
{
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"id": "VAR-201401-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
}
]
},
"last_update_date": "2024-11-23T20:41:38.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2013-6467 Libreswan dereferencing missing IKEv2 payloads causes restart",
"trust": 0.8,
"url": "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.openswan.org/"
},
{
"title": "RHSA-2014:0185",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2014-0185.html"
},
{
"title": "Patch for Openswan IKEv2 Load Remote Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/43206"
},
{
"title": "openswan-latest",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47728"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0185.html"
},
{
"trust": 1.6,
"url": "http://www.debian.org/security/2014/dsa-2893"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/65155"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90524"
},
{
"trust": 1.6,
"url": "https://cert.vde.com/en-us/advisories/vde-2017-001"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-250-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6466"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6466"
},
{
"trust": 0.3,
"url": "http://www.openswan.org/"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100178570"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6466"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2053"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/articles/11258"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6466.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6466"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201411-07.xml"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"db": "BID",
"id": "65155"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "PACKETSTORM",
"id": "125973"
},
{
"db": "PACKETSTORM",
"id": "125264"
},
{
"db": "PACKETSTORM",
"id": "129235"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
},
{
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"db": "BID",
"id": "65155"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"db": "PACKETSTORM",
"id": "125973"
},
{
"db": "PACKETSTORM",
"id": "125264"
},
{
"db": "PACKETSTORM",
"id": "129235"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
},
{
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"date": "2014-01-27T00:00:00",
"db": "BID",
"id": "65155"
},
{
"date": "2014-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"date": "2014-04-01T19:02:00",
"db": "PACKETSTORM",
"id": "125973"
},
{
"date": "2014-02-19T02:48:29",
"db": "PACKETSTORM",
"id": "125264"
},
{
"date": "2014-11-24T13:32:00",
"db": "PACKETSTORM",
"id": "129235"
},
{
"date": "2014-01-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-547"
},
{
"date": "2014-01-26T20:55:05.330000",
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00690"
},
{
"date": "2017-09-08T13:13:00",
"db": "BID",
"id": "65155"
},
{
"date": "2017-09-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005932"
},
{
"date": "2019-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-547"
},
{
"date": "2024-11-21T01:59:17.140000",
"db": "NVD",
"id": "CVE-2013-6466"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "125264"
},
{
"db": "PACKETSTORM",
"id": "129235"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Openswan Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005932"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-547"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.