ID CVE-2013-6466
Summary Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
References
Vulnerable Configurations
  • Openswan 2.3.0
    cpe:2.3:a:openswan:openswan:2.3.0
  • Openswan 2.3.1
    cpe:2.3:a:openswan:openswan:2.3.1
  • Openswan 2.4
    cpe:2.3:a:openswan:openswan:2.4
  • Openswan 2.4.1
    cpe:2.3:a:openswan:openswan:2.4.1
  • Openswan 2.4.2
    cpe:2.3:a:openswan:openswan:2.4.2
  • Openswan 2.4.3
    cpe:2.3:a:openswan:openswan:2.4.3
  • Openswan 2.4.4
    cpe:2.3:a:openswan:openswan:2.4.4
  • Openswan 2.4.5
    cpe:2.3:a:openswan:openswan:2.4.5
  • Openswan 2.4.6
    cpe:2.3:a:openswan:openswan:2.4.6
  • Openswan 2.4.7
    cpe:2.3:a:openswan:openswan:2.4.7
  • Openswan 2.4.8
    cpe:2.3:a:openswan:openswan:2.4.8
  • Openswan 2.4.9
    cpe:2.3:a:openswan:openswan:2.4.9
  • Openswan 2.4.10
    cpe:2.3:a:openswan:openswan:2.4.10
  • Openswan 2.4.11
    cpe:2.3:a:openswan:openswan:2.4.11
  • Openswan 2.4.12
    cpe:2.3:a:openswan:openswan:2.4.12
  • Openswan 2.4.13
    cpe:2.3:a:openswan:openswan:2.4.13
  • Openswan 2.5.0
    cpe:2.3:a:openswan:openswan:2.5.0
  • Openswan 2.5.0sbs4
    cpe:2.3:a:openswan:openswan:2.5.0:sbs4
  • Openswan 2.5.0sbs5
    cpe:2.3:a:openswan:openswan:2.5.0:sbs5
  • Openswan 2.5.01
    cpe:2.3:a:openswan:openswan:2.5.01
  • Openswan 2.5.02
    cpe:2.3:a:openswan:openswan:2.5.02
  • Openswan 2.5.03
    cpe:2.3:a:openswan:openswan:2.5.03
  • Openswan 2.5.04
    cpe:2.3:a:openswan:openswan:2.5.04
  • Openswan 2.5.05
    cpe:2.3:a:openswan:openswan:2.5.05
  • Openswan 2.5.06
    cpe:2.3:a:openswan:openswan:2.5.06
  • Openswan 2.5.07
    cpe:2.3:a:openswan:openswan:2.5.07
  • Openswan 2.5.08
    cpe:2.3:a:openswan:openswan:2.5.08
  • Openswan 2.5.09
    cpe:2.3:a:openswan:openswan:2.5.09
  • Openswan 2.5.10
    cpe:2.3:a:openswan:openswan:2.5.10
  • Openswan 2.5.11
    cpe:2.3:a:openswan:openswan:2.5.11
  • Openswan 2.5.12
    cpe:2.3:a:openswan:openswan:2.5.12
  • Openswan 2.5.13
    cpe:2.3:a:openswan:openswan:2.5.13
  • Openswan 2.5.14
    cpe:2.3:a:openswan:openswan:2.5.14
  • Openswan 2.5.15
    cpe:2.3:a:openswan:openswan:2.5.15
  • Openswan 2.5.16
    cpe:2.3:a:openswan:openswan:2.5.16
  • Openswan 2.5.17
    cpe:2.3:a:openswan:openswan:2.5.17
  • Openswan 2.5.18
    cpe:2.3:a:openswan:openswan:2.5.18
  • Openswan 2.6.01
    cpe:2.3:a:openswan:openswan:2.6.01
  • Openswan 2.6.02
    cpe:2.3:a:openswan:openswan:2.6.02
  • Openswan 2.6.03
    cpe:2.3:a:openswan:openswan:2.6.03
  • Openswan 2.6.04
    cpe:2.3:a:openswan:openswan:2.6.04
  • Openswan 2.6.05
    cpe:2.3:a:openswan:openswan:2.6.05
  • Openswan 2.6.06
    cpe:2.3:a:openswan:openswan:2.6.06
  • Openswan 2.6.07
    cpe:2.3:a:openswan:openswan:2.6.07
  • Openswan 2.6.08
    cpe:2.3:a:openswan:openswan:2.6.08
  • Openswan 2.6.09
    cpe:2.3:a:openswan:openswan:2.6.09
  • Openswan 2.6.10
    cpe:2.3:a:openswan:openswan:2.6.10
  • Openswan 2.6.11
    cpe:2.3:a:openswan:openswan:2.6.11
  • Openswan 2.6.12
    cpe:2.3:a:openswan:openswan:2.6.12
  • Openswan 2.6.13
    cpe:2.3:a:openswan:openswan:2.6.13
  • Openswan 2.6.14
    cpe:2.3:a:openswan:openswan:2.6.14
  • Openswan 2.6.15
    cpe:2.3:a:openswan:openswan:2.6.15
  • Openswan 2.6.16
    cpe:2.3:a:openswan:openswan:2.6.16
  • Openswan 2.6.17
    cpe:2.3:a:openswan:openswan:2.6.17
  • Openswan 2.6.18
    cpe:2.3:a:openswan:openswan:2.6.18
  • Openswan 2.6.19
    cpe:2.3:a:openswan:openswan:2.6.19
  • Openswan 2.6.20
    cpe:2.3:a:openswan:openswan:2.6.20
  • Openswan 2.6.21
    cpe:2.3:a:openswan:openswan:2.6.21
  • Openswan 2.6.22
    cpe:2.3:a:openswan:openswan:2.6.22
  • Openswan 2.6.23
    cpe:2.3:a:openswan:openswan:2.6.23
  • Openswan 2.6.24
    cpe:2.3:a:openswan:openswan:2.6.24
  • Openswan 2.6.25
    cpe:2.3:a:openswan:openswan:2.6.25
  • Openswan 2.6.26
    cpe:2.3:a:openswan:openswan:2.6.26
  • Openswan 2.6.27
    cpe:2.3:a:openswan:openswan:2.6.27
  • Openswan 2.6.28
    cpe:2.3:a:openswan:openswan:2.6.28
  • Openswan 2.6.29
    cpe:2.3:a:openswan:openswan:2.6.29
  • Openswan 2.6.30
    cpe:2.3:a:openswan:openswan:2.6.30
  • Openswan 2.6.31
    cpe:2.3:a:openswan:openswan:2.6.31
  • Openswan 2.6.32
    cpe:2.3:a:openswan:openswan:2.6.32
  • Openswan 2.6.33
    cpe:2.3:a:openswan:openswan:2.6.33
  • Openswan 2.6.34
    cpe:2.3:a:openswan:openswan:2.6.34
  • Openswan 2.6.35
    cpe:2.3:a:openswan:openswan:2.6.35
  • Openswan 2.6.36
    cpe:2.3:a:openswan:openswan:2.6.36
  • Openswan 2.6.37
    cpe:2.3:a:openswan:openswan:2.6.37
  • Openswan 2.6.38
    cpe:2.3:a:openswan:openswan:2.6.38
  • Openswan 2.6.39
    cpe:2.3:a:openswan:openswan:2.6.39
CVSS
Base: 5.0 (as of 27-01-2014 - 08:10)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0185.NASL
    description Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped. (CVE-2013-6466) All openswan users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72567
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72567
    title RHEL 5 / 6 : openswan (RHSA-2014:0185)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201411-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201411-07 (Openswan: Denial of Service) A NULL pointer dereference has been found in Openswan. Impact : A remote attacker could create a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79415
    published 2014-11-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79415
    title GLSA-201411-07 : Openswan: Denial of Service
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0185.NASL
    description Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped. (CVE-2013-6466) All openswan users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 72561
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72561
    title CentOS 5 / 6 : openswan (CESA-2014:0185)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140218_OPENSWAN_ON_SL5_X.NASL
    description A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped. (CVE-2013-6466)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 72570
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72570
    title Scientific Linux Security Update : openswan on SL5.x, SL6.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0185.NASL
    description From Red Hat Security Advisory 2014:0185 : Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped. (CVE-2013-6466) All openswan users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 72565
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72565
    title Oracle Linux 5 / 6 : openswan (ELSA-2014-0185)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-303.NASL
    description A NULL pointer dereference flaw was discovered in the way Openswan's IKE daemon processed IKEv2 payloads. A remote attacker could send specially crafted IKEv2 payloads that, when processed, would lead to a denial of service (daemon crash), possibly causing existing VPN connections to be dropped. (CVE-2013-6466)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 72951
    published 2014-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72951
    title Amazon Linux AMI : openswan (ALAS-2014-303)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2893.NASL
    description Two vulnerabilities were fixed in Openswan, an IKE/IPsec implementation for Linux. - CVE-2013-2053 During an audit of Libreswan (with which Openswan shares some code), Florian Weimer found a remote buffer overflow in the atodn() function. This vulnerability can be triggered when Opportunistic Encryption (OE) is enabled and an attacker controls the PTR record of a peer IP address. Authentication is not needed to trigger the vulnerability. - CVE-2013-6466 Iustina Melinte found a vulnerability in Libreswan which also applies to the Openswan code. By carefully crafting IKEv2 packets, an attacker can make the pluto daemon dereference non-received IKEv2 payload, leading to the daemon crash. Authentication is not needed to trigger the vulnerability. Patches were originally written to fix the vulnerabilities in Libreswan, and have been ported to Openswan by Paul Wouters from the Libreswan Project. Since the Openswan package is not maintained anymore in the Debian distribution and is not available in testing and unstable suites, it is recommended for IKE/IPsec users to switch to a supported implementation like strongSwan.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 73293
    published 2014-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73293
    title Debian DSA-2893-1 : openswan - security update
redhat via4
advisories
bugzilla
id 1050277
title CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment openswan is earlier than 0:2.6.32-7.3.el5_10
          oval oval:com.redhat.rhsa:tst:20140185002
        • comment openswan is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090402003
      • AND
        • comment openswan-doc is earlier than 0:2.6.32-7.3.el5_10
          oval oval:com.redhat.rhsa:tst:20140185004
        • comment openswan-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20090402005
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment openswan is earlier than 0:2.6.32-27.2.el6_5
          oval oval:com.redhat.rhsa:tst:20140185010
        • comment openswan is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100892006
      • AND
        • comment openswan-doc is earlier than 0:2.6.32-27.2.el6_5
          oval oval:com.redhat.rhsa:tst:20140185012
        • comment openswan-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100892008
rhsa
id RHSA-2014:0185
released 2014-02-18
severity Moderate
title RHSA-2014:0185: openswan security update (Moderate)
rpms
  • openswan-0:2.6.32-7.3.el5_10
  • openswan-doc-0:2.6.32-7.3.el5_10
  • openswan-0:2.6.32-27.2.el6_5
  • openswan-doc-0:2.6.32-27.2.el6_5
refmap via4
bid 65155
confirm https://cert.vde.com/en-us/advisories/vde-2017-001
debian DSA-2893
misc https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
xf openswan-cve20136466-dos(90524)
Last major update 19-04-2014 - 00:44
Published 26-01-2014 - 15:55
Last modified 16-05-2018 - 21:29