ID CVE-2015-3240
Summary The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet.
References
Vulnerable Configurations
  • libreswan libreswan 3.14
    cpe:2.3:a:libreswan:libreswan:3.14
CVSS
Base: 4.3 (as of 10-11-2015 - 09:11)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
redhat via4
advisories
bugzilla
id 1273719
title libreswan FIPS test mistakenly looks for non-existent file hashes and reports FIPS failure
oval
AND
  • comment libreswan is earlier than 0:3.15-5.el7_1
    oval oval:com.redhat.rhsa:tst:20151979005
  • comment libreswan is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20151154006
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
rhsa
id RHSA-2015:1979
released 2015-11-03
severity Moderate
title RHSA-2015:1979: libreswan security and enhancement update (Moderate)
rpms libreswan-0:3.15-5.el7_1
refmap via4
bid 77536
confirm
gentoo GLSA-201603-13
mlist [Openswan Users] 20150827 Openswan 2.6.45 released
sectrack 1033418
Last major update 02-12-2016 - 22:09
Published 09-11-2015 - 11:59
Back to Top