Fixes for CVE-2011-4073.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

new upstream release for CVE-2011-4073

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Openswan prior to version 2.6.37. It is, therefore, affected by a remote denial of service vulnerability due to a use-after-free flaw in the cryptographic helper handler. A remote attacker can exploit this issue to cause a denial of service.

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon.
This issue only affected SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled.

Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services.
These services allow you to build secure tunnels through untrusted networks.

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon.
This issue only affected SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6. (CVE-2011-4073)

Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin of the information security group at ETH Zurich as the original reporters.

All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
After installing this update, the ipsec service will be restarted automatically.

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2011:1422 advisory.

  - openswan: use-after-free vulnerability leads to DoS (CVE-2011-4073)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The information security group at ETH Zurich discovered a denial of service vulnerability in the crypto helper handler of the IKE daemon pluto. More information can be found in the upstream advisory.

openswan's crypto helper was prone to an use-after-free flaw which could potentially allow remote attackers to cause a Denial of Service (CVE-2011-4073, bnc#727002). Additionally, a potential dereference of a no longer valid pointer has been fixed.

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services.
These services allow you to build secure tunnels through untrusted networks.

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon.
This issue only affected SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled. The helpers are disabled by default on Scientific Linux 5, but enabled by default on Scientific Linux 6. (CVE-2011-4073)

All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
After installing this update, the ipsec service will be restarted automatically.

The remote host is affected by the vulnerability described in GLSA-201203-13 (Openswan: Denial of Service)

    Two vulnerabilities have been found in Openswan:
      Improper permissions are used on /var/run/starter.pid and         /var/lock/subsys/ipsec (CVE-2011-2147).
      Openswan contains a use-after-free error in the cryptographic helper         handler (CVE-2011-4073).
  Impact :

    A remote authenticated attacker or a local attacker may be able to cause       a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

New upstream release for CVE-2011-4073

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

openswan's crypto helper was prone to an use-after-free flaw which could potentially allow remote attackers to cause a Denial of Service (CVE-2011-4073, bnc#727002). Additionally, the following issues have been fixed :

  - AH handshake problems (bnc#713986),

  - potential dereference of no longer valid pointers,

  - mode handling issues

From Red Hat Security Advisory 2011:1422 :

Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services.
These services allow you to build secure tunnels through untrusted networks.

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used cryptographic helpers. A remote, authenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon.
This issue only affected SMP (symmetric multiprocessing) systems that have the cryptographic helpers enabled. The helpers are disabled by default on Red Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux 6. (CVE-2011-4073)

Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin of the information security group at ETH Zurich as the original reporters.

All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
After installing this update, the ipsec service will be restarted automatically.

ID	Name	Product	Family	Published	Updated	Severity
57071	Fedora 14 : openswan-2.6.33-3.fc14 (2011-15127)	Nessus	Fedora Local Security Checks	12/12/2011	1/11/2021	medium
57072	Fedora 16 : openswan-2.6.37-1.fc16 (2011-15196)	Nessus	Fedora Local Security Checks	12/12/2011	1/11/2021	medium
81053	Openswan < 2.6.37 Cryptographic Helper Use-After-Free Remote DoS	Nessus	Misc.	1/28/2015	7/17/2018	medium
69577	Amazon Linux AMI : openswan (ALAS-2011-18)	Nessus	Amazon Linux Local Security Checks	9/4/2013	4/18/2018	medium
56694	CentOS 5 : openswan (CESA-2011:1422)	Nessus	CentOS Local Security Checks	11/3/2011	1/4/2021	medium
56698	RHEL 5 / 6 : openswan (RHSA-2011:1422)	Nessus	Red Hat Local Security Checks	11/3/2011	4/21/2024	medium
57514	Debian DSA-2374-1 : openswan - implementation error	Nessus	Debian Local Security Checks	1/12/2012	1/11/2021	medium
57237	SuSE 10 Security Update : openswan (ZYPP Patch Number 7836)	Nessus	SuSE Local Security Checks	12/13/2011	1/19/2021	medium
61167	Scientific Linux Security Update : openswan on SL5.x, SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
58378	GLSA-201203-13 : Openswan: Denial of Service	Nessus	Gentoo Local Security Checks	3/19/2012	1/6/2021	medium
57070	Fedora 15 : openswan-2.6.37-1.fc15 (2011-15077)	Nessus	Fedora Local Security Checks	12/12/2011	1/11/2021	medium
57125	SuSE 11.1 Security Update : openswan (SAT Patch Number 5424)	Nessus	SuSE Local Security Checks	12/13/2011	1/19/2021	medium
68381	Oracle Linux 5 / 6 : openswan (ELSA-2011-1422)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium