Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 275234 - <net-misc/strongswan-4.2.16 ASN.1 Parsing Remote Denial of Service
Summary: <net-misc/strongswan-4.2.16 ASN.1 Parsing Remote Denial of Service
Status: RESOLVED DUPLICATE of bug 275096
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://download.strongswan.org/CHANGE...
Whiteboard: ~3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-06-24 00:01 UTC by Robert Buchholz (RETIRED)
Modified: 2009-06-24 00:37 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2009-06-24 00:01:47 UTC
strongswan-4.2.16
-----------------

- Applying their fuzzing tool, the Orange Labs vulnerability research team
  found another two DoS vulnerabilities, one in the rather old ASN.1 parser
  of Relative Distinguished Names (RDNs) and a second one in the conversion
  of ASN.1 UTCTIME and GENERALIZEDTIME strings to a time_t value.
  Malformed X.509 certificate RDNs or timestamps can cause the pluto IKE
  daemon to crash and restart.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-06-24 00:37:06 UTC
old cvs, sorry.

*** This bug has been marked as a duplicate of bug 275096 ***