{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-08-15T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20090727 CVE id request: strongswan", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"}, {"name": "SUSE-SR:2009:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"}, {"name": "36922", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36922"}, {"name": "DSA-1899", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1899"}, {"name": "ADV-2009-2247", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2247"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"}, {"name": "SUSE-SR:2009:016", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"}, {"name": "[Announce] 20090723 ANNOUNCE: strongswan-2.8.11 and strongswan-4.2.17 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2661", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20090727 CVE id request: strongswan", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"}, {"name": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch", "refsource": "CONFIRM", "url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"}, {"name": "SUSE-SR:2009:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"}, {"name": "36922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36922"}, {"name": "DSA-1899", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1899"}, {"name": "ADV-2009-2247", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2247"}, {"name": "http://up2date.astaro.com/2009/08/up2date_7505_released.html", "refsource": "CONFIRM", "url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"}, {"name": "SUSE-SR:2009:016", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"name": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch", "refsource": "CONFIRM", "url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"}, {"name": "[Announce] 20090723 ANNOUNCE: strongswan-2.8.11 and strongswan-4.2.17 released", "refsource": "MLIST", "url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2661", "datePublished": "2009-08-04T16:13:00", "dateReserved": "2009-08-04T00:00:00", "dateUpdated": "2009-08-15T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "5518A917-D5D1-4985-BF71-B1A34BD3D5B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "778D7442-F54A-47DF-B87B-3CFA3CF08799", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A4B1F28-B3B8-4E31-8E4E-25F5A29F3AB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "16984E6E-7CA8-4DC3-B800-FFE007617FE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "4C85F0BE-7E89-4B79-A036-9238785BE705", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "8DFF4780-2F92-4DF3-878A-C7E2BD57E39C", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C794994-9367-4BBB-8940-BBB44B7C1C5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "082272D3-0FE4-4959-978A-FFF795B52CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "8DFEF9B3-C7F7-4588-A174-FAFD39C04116", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:2.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "8E18EB62-1042-4F26-9EC3-B7EEA2182716", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "97027262-849C-4DE9-90C9-0D9FBBC9F96B", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8658539D-27D8-47EE-9468-A6B625E6D45F", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "89ACA351-D10F-4D1A-95B0-4B2E329F1E1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7A4D6E89-5313-4016-8A7E-036579330DB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C41F9E10-000D-4F3B-BEA6-DEE87405B89B", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "4F37DFE8-2996-4904-B733-7BAECA95CB48", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "38209DC9-3BE6-49EF-8BA1-6E2BC5D24FEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "155EB8F5-7C3C-4293-91EE-62DA561DA54A", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "E42B67A3-8650-426F-A8E8-DCA4180D787A", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "21CDA326-C5E4-4BAF-9DC6-4E5A57304C1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "7AF119CF-2CC5-4313-8722-06BCE3DC6255", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "384C0CAE-8AC3-47AA-9F1C-9DE6779CA583", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "00BC4DA6-BFD1-43CF-B8B8-DACBF09E4721", "vulnerable": true}, {"criteria": "cpe:2.3:a:strongswan:strongswan:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "FEDBF811-7E48-4E99-AE05-FFC12AAF1CDF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185."}, {"lang": "es", "value": "La funci\u00f3n asn1_length en strongSwan 2.8 antes de 2.8.11, 4.2 antes de 4.2.17 y 4.3 antes de 4.3.3 no maneja adecuadamente certificados X.509 con Relative Distinguished Names (RDNs) modificados, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del demonio pluto IKE) mediante datos ASN.1 malformados. NOTA: Esto es debido a una soluci\u00f3n incompleta de CVE-2009-2185."}], "id": "CVE-2009-2661", "lastModified": "2009-11-24T07:02:12.127", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-04T16:30:00.483", "references": [{"source": "cve@mitre.org", "url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.3.x_asn1_length.patch"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://download.strongswan.org/patches/07_asn1_length_patch/strongswan-4.x.x_asn1_length.patch"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/36922"}, {"source": "cve@mitre.org", "url": "http://up2date.astaro.com/2009/08/up2date_7505_released.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1899"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/07/27/1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2247"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lists.strongswan.org/pipermail/announce/2009-July/000056.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}