MidnightBSD

Advisories for xelerance

CVE-2005-0162 HIGH

Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openswan openswan *
xelerance openswan 2.3.0
CVE-2005-3671 HIGH

The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openswan openswan 2.1.2
openswan openswan 2.1.5
openswan openswan 2.1.6
openswan openswan 2.3
openswan openswan 2.2
openswan openswan 2.1.1
frees_wan frees_wan 2.04
xelerance openswan 2.4.0
openswan openswan 2.1.4
CVE-2010-3302 MEDIUM

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xelerance openswan 2.6.28
xelerance openswan 2.6.27
xelerance openswan 2.6.25
xelerance openswan 2.6.26
CVE-2010-3308 MEDIUM

Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via a long cisco_banner (aka server_banner) field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-94,

Products Affected

Vendor Product Version
xelerance openswan 2.6.28
xelerance openswan 2.6.27
xelerance openswan 2.6.26
CVE-2010-3752 MEDIUM

programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
xelerance openswan 2.6.28
xelerance openswan 2.6.27
xelerance openswan 2.6.25
xelerance openswan 2.6.26
CVE-2010-3753 MEDIUM

programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in the cisco_banner (aka server_banner) field, a different vulnerability than CVE-2010-3308.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-78,

Products Affected

Vendor Product Version
xelerance openswan 2.6.28
xelerance openswan 2.6.27
xelerance openswan 2.6.26
CVE-2011-3380 MEDIUM

Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xelerance openswan 2.6.29
xelerance openswan 2.6.31
xelerance openswan 2.6.32
xelerance openswan 2.6.34
xelerance openswan 2.6.30
xelerance openswan 2.6.35
xelerance openswan 2.6.33
CVE-2011-4073 MEDIUM

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
xelerance openswan 2.5.16
xelerance openswan 2.6.20
xelerance openswan 2.6.12
xelerance openswan 2.5.15
xelerance openswan 2.5.17
xelerance openswan 2.6.18
xelerance openswan 2.6.01
xelerance openswan 2.6.13
xelerance openswan 2.6.25
xelerance openswan 2.5.0
xelerance openswan 2.4.8
xelerance openswan 2.4.9
xelerance openswan 2.5.07
xelerance openswan 2.5.01
xelerance openswan 2.6.28
xelerance openswan 2.6.14
xelerance openswan 2.4.4
xelerance openswan 2.6.04
xelerance openswan 2.5.18
xelerance openswan 2.6.26
xelerance openswan 2.6.33
xelerance openswan 2.4.2
xelerance openswan 2.4.3
xelerance openswan 2.6.02
xelerance openswan 2.4.7
xelerance openswan 2.5.03
xelerance openswan 2.5.05
xelerance openswan 2.5.08
xelerance openswan 2.6.05
xelerance openswan 2.6.31
xelerance openswan 2.5.02
xelerance openswan 2.4.6
xelerance openswan 2.6.03
xelerance openswan 2.6.34
xelerance openswan 2.5.10
xelerance openswan 2.6.09
xelerance openswan 2.4.11
xelerance openswan 2.6.10
xelerance openswan 2.4.0
xelerance openswan 2.4.12
xelerance openswan 2.6.24
xelerance openswan 2.5.12
xelerance openswan 2.6.36
xelerance openswan 2.6.21
xelerance openswan 2.5.04
xelerance openswan 2.6.08
xelerance openswan 2.6.23
xelerance openswan 2.6.11
xelerance openswan 2.6.30
xelerance openswan 2.6.35
xelerance openswan 2.4.5
xelerance openswan 2.6.29
xelerance openswan 2.3.1
xelerance openswan 2.5.14
xelerance openswan 2.6.19
xelerance openswan 2.4.10
xelerance openswan 2.6.32
xelerance openswan 2.6.22
xelerance openswan 2.4.13
xelerance openswan 2.5.06
xelerance openswan 2.6.07
xelerance openswan 2.5.09
xelerance openswan 2.5.11
xelerance openswan 2.6.15
xelerance openswan 2.6.16
xelerance openswan 2.6.06
xelerance openswan 2.6.17
xelerance openswan 2.3.0
xelerance openswan 2.6.27
xelerance openswan 2.5.13
xelerance openswan 2.4.1
CVE-2013-2053 MEDIUM

Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
xelerance openswan 2.6.20
xelerance openswan 2.6.12
xelerance openswan 2.6.24
xelerance openswan 2.6.18
xelerance openswan 2.6.36
xelerance openswan 2.6.01
xelerance openswan 2.6.21
xelerance openswan 2.6.08
xelerance openswan 2.6.13
xelerance openswan 2.6.23
xelerance openswan 2.6.25
xelerance openswan 2.6.11
xelerance openswan 2.6.30
xelerance openswan 2.6.35
xelerance openswan 2.6.29
xelerance openswan 2.6.19
xelerance openswan 2.6.28
xelerance openswan 2.6.14
xelerance openswan 2.6.32
xelerance openswan 2.6.04
xelerance openswan 2.6.22
xelerance openswan 2.6.26
xelerance openswan 2.6.33
xelerance openswan 2.6.07
xelerance openswan 2.6.02
xelerance openswan 2.6.15
xelerance openswan 2.6.37
xelerance openswan *
xelerance openswan 2.6.16
xelerance openswan 2.6.05
xelerance openswan 2.6.06
xelerance openswan 2.6.17
xelerance openswan 2.6.31
xelerance openswan 2.6.27
xelerance openswan 2.6.03
xelerance openswan 2.6.34
xelerance openswan 2.6.09
xelerance openswan 2.6.10
CVE-2013-6466 MEDIUM

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
xelerance openswan 2.5.16
xelerance openswan 2.6.20
xelerance openswan 2.6.12
xelerance openswan 2.5.15
xelerance openswan 2.5.17
xelerance openswan 2.6.18
xelerance openswan 2.6.01
xelerance openswan 2.6.13
xelerance openswan 2.6.25
xelerance openswan 2.5.0
xelerance openswan 2.4.8
xelerance openswan 2.4.9
xelerance openswan 2.5.07
xelerance openswan 2.5.01
xelerance openswan 2.6.28
xelerance openswan 2.6.14
xelerance openswan 2.4.4
xelerance openswan 2.6.04
xelerance openswan 2.5.18
xelerance openswan 2.6.26
xelerance openswan 2.6.33
xelerance openswan 2.4.2
xelerance openswan 2.4.3
xelerance openswan 2.6.02
xelerance openswan 2.4.7
xelerance openswan 2.5.03
xelerance openswan 2.6.37
xelerance openswan 2.5.05
xelerance openswan 2.5.08
xelerance openswan 2.6.05
xelerance openswan 2.6.31
xelerance openswan 2.5.02
xelerance openswan 2.4.6
xelerance openswan 2.6.03
xelerance openswan 2.6.34
xelerance openswan 2.5.10
xelerance openswan 2.6.09
xelerance openswan 2.4.11
xelerance openswan 2.6.10
xelerance openswan 2.4.0
xelerance openswan 2.4.12
xelerance openswan 2.6.24
xelerance openswan 2.5.12
xelerance openswan 2.6.36
xelerance openswan 2.6.21
xelerance openswan 2.5.04
xelerance openswan 2.6.08
xelerance openswan 2.6.23
xelerance openswan 2.6.11
xelerance openswan 2.6.30
xelerance openswan 2.6.35
xelerance openswan 2.4.5
xelerance openswan 2.6.29
xelerance openswan 2.3.1
xelerance openswan 2.5.14
xelerance openswan 2.6.19
xelerance openswan 2.4.10
xelerance openswan 2.6.32
xelerance openswan 2.6.22
xelerance openswan 2.4.13
xelerance openswan 2.5.06
xelerance openswan 2.6.07
xelerance openswan 2.5.09
xelerance openswan 2.5.11
xelerance openswan 2.6.15
xelerance openswan 2.6.38
xelerance openswan *
xelerance openswan 2.6.16
xelerance openswan 2.6.06
xelerance openswan 2.6.17
xelerance openswan 2.3.0
xelerance openswan 2.6.27
xelerance openswan 2.5.13
xelerance openswan 2.4.1
CVE-2014-2037 MEDIUM

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
xelerance openswan 2.6.40
CVE-2018-15836 MEDIUM

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
xelerance openswan *
CVE-2019-10155 LOW

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.1 LOW CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L 1.6 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-354,CWE-354,

Products Affected

Vendor Product Version
strongswan strongswan *
fedoraproject fedora 30
libreswan libreswan *
fedoraproject fedora 29
redhat enterprise_linux 8.0
xelerance openswan *