Xelerance Openswan 2.6.25

CPE Details

Xelerance Openswan 2.6.25
xelerance
openswan
2.6.25
2019-07-29
11h15 +00:00
2019-07-29
11h15 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:xelerance:openswan:2.6.25:*:*:*:*:*:*:*

Informations

Vendor

xelerance

Product

openswan

Version

2.6.25

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2019-10155 2019-06-12 11h51 +00:00 The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.
3.1
Bas
CVE-2018-15836 2018-09-26 19h00 +00:00 In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
7.5
Haute
CVE-2013-6466 2014-01-26 19h00 +00:00 Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
5
CVE-2013-2053 2013-07-09 15h00 +00:00 Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.
6.8
CVE-2011-4073 2011-11-17 18h00 +00:00 Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
4
CVE-2010-3302 2010-10-05 19h00 +00:00 Buffer overflow in programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 might allow remote authenticated gateways to execute arbitrary code or cause a denial of service via long (1) cisco_dns_info or (2) cisco_domain_info data in a packet.
6.5
CVE-2010-3752 2010-10-05 19h00 +00:00 programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 allows remote authenticated gateways to execute arbitrary commands via shell metacharacters in (1) cisco_dns_info or (2) cisco_domain_info data in a packet, a different vulnerability than CVE-2010-3302.
6.5