ID CVE-2011-3380
Summary Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.
References
Vulnerable Configurations
  • Openswan 2.6.29
    cpe:2.3:a:openswan:openswan:2.6.29
  • Openswan 2.6.30
    cpe:2.3:a:openswan:openswan:2.6.30
  • Openswan 2.6.31
    cpe:2.3:a:openswan:openswan:2.6.31
  • Openswan 2.6.32
    cpe:2.3:a:openswan:openswan:2.6.32
  • Openswan 2.6.33
    cpe:2.3:a:openswan:openswan:2.6.33
  • Openswan 2.6.34
    cpe:2.3:a:openswan:openswan:2.6.34
  • Openswan 2.6.35
    cpe:2.3:a:openswan:openswan:2.6.35
CVSS
Base: 5.0 (as of 18-11-2011 - 09:18)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111005_OPENSWAN_ON_SL6_X.NASL
    description Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon. (CVE-2011-3380) All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the ipsec service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61149
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61149
    title Scientific Linux Security Update : openswan on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1356.NASL
    description Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon. (CVE-2011-3380) Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Paul Wouters as the original reporter. All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the ipsec service will be restarted automatically.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 56405
    published 2011-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56405
    title RHEL 6 : openswan (RHSA-2011:1356)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-06.NASL
    description When an ISAKMP message with an invalid KEY_LENGTH attribute is received, the error handling function crashes on a NULL pointer dereference. Openswan automatically restarts the pluto IKE daemon but all ISAKMP state is lost. This vulnerability does NOT allow an attacker access to the system. This can be used to launch a denial of service attack by sending repeated IKE packets with the invalid key length attribute.
    last seen 2019-02-21
    modified 2015-01-30
    plugin id 69565
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69565
    title Amazon Linux AMI : openswan (ALAS-2011-06)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-6.NASL
    description A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78267
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78267
    title Amazon Linux AMI : openswan (ALAS-2011-6)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1356.NASL
    description From Red Hat Security Advisory 2011:1356 : Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was found in the way Openswan's pluto IKE daemon handled certain error conditions. A remote, unauthenticated attacker could send a specially crafted IKE packet that would crash the pluto daemon. (CVE-2011-3380) Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Paul Wouters as the original reporter. All users of openswan are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the ipsec service will be restarted automatically.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68365
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68365
    title Oracle Linux 6 : openswan (ELSA-2011-1356)
  • NASL family Misc.
    NASL id OPENSWAN_IKE_49984.NASL
    description The remote host is running a version of Openswan prior to version 2.6.36. It is, therefore, affected by a remote denial of service vulnerability due to a NULL pointer dereference flaw. A remote attacker, using a specially crafted ISAKMP message with an invalid KEY_LENGTH attribute, can cause a denial of service.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 81052
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81052
    title Openswan < 2.6.36 IKE Packet NULL Pointer Dereference Remote DoS
redhat via4
advisories
bugzilla
id 742065
title CVE-2011-3380 openswan: IKE invalid key length allows remote unauthenticated user to crash openswan
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment openswan is earlier than 0:2.6.32-4.el6_1.2
        oval oval:com.redhat.rhsa:tst:20111356005
      • comment openswan is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100892006
    • AND
      • comment openswan-doc is earlier than 0:2.6.32-4.el6_1.2
        oval oval:com.redhat.rhsa:tst:20111356007
      • comment openswan-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100892008
rhsa
id RHSA-2011:1356
released 2011-10-05
severity Moderate
title RHSA-2011:1356: openswan security update (Moderate)
rpms
  • openswan-0:2.6.32-4.el6_1.2
  • openswan-doc-0:2.6.32-4.el6_1.2
refmap via4
confirm http://www.openswan.org/download/CVE-2011-3380/CVE-2011-3380.txt
secunia 46306
Last major update 23-11-2011 - 23:00
Published 17-11-2011 - 14:55