Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 275234

Summary: <net-misc/strongswan-4.2.16 ASN.1 Parsing Remote Denial of Service
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: trivial CC: maintainer-needed, robbat2
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://download.strongswan.org/CHANGES42.txt
Whiteboard: ~3 [ebuild]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2009-06-24 00:01:47 UTC 
strongswan-4.2.16
-----------------

- Applying their fuzzing tool, the Orange Labs vulnerability research team
  found another two DoS vulnerabilities, one in the rather old ASN.1 parser
  of Relative Distinguished Names (RDNs) and a second one in the conversion
  of ASN.1 UTCTIME and GENERALIZEDTIME strings to a time_t value.
  Malformed X.509 certificate RDNs or timestamps can cause the pluto IKE
  daemon to crash and restart.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-06-24 00:37:06 UTC 
old cvs, sorry.

*** This bug has been marked as a duplicate of bug 275096 ***