Denial of Service and Impersonation Vulnerability in strongSwan by strongSwan Inc.
CVE-2013-6075

Currently unrated

Key Information:

Vendor

Strongswan

Status
Strongswan
Vendor
CVE Published:
2 November 2013

What is CVE-2013-6075?

The compare_dn function in utils/identification.c of strongSwan versions 4.3.3 to 5.1.1 is vulnerable to a denial of service via out-of-bounds read and NULL pointer dereference, potentially crashing the daemon. Additionally, remote authenticated users can exploit an insufficient length check during identity comparison of a crafted ID_DER_ASN1_DN, leading to arbitrary user impersonation and access control circumvention.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.strongswan.org/blog/2013/11/01/strongswan-deni...
x_refsource_CONFIRM
http://download.strongswan.org/security/CVE-2013-6075/str...
x_refsource_MISC
http://www.debian.org/security/2012/dsa-2789
vendor-advisoryx_refsource_DEBIAN

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.