Bug 20527 - CVE-2009-2185 DoS vulnerability in the ASN.1 parser
Summary: CVE-2009-2185 DoS vulnerability in the ASN.1 parser
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: strongswan
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Michael Shigorin
QA Contact: qa-sisyphus
URL: http://download.strongswan.org/CHANGE...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-06-21 23:07 MSD by Vladimir Lettiev
Modified: 2009-06-25 09:27 MSD

Description Vladimir Lettiev 2009-06-21 23:07:24 MSD
Applying their fuzzing tool, the Orange Labs vulnerability research team
found a Denial-of-Service vulnerability in the parsing of ASN.1 Relative
Distinguished Names (RDNs). Malformed X.509 certificate RDNs can cause
the pluto and charon IKE daemons to crash and restart.

Fix available in the new version 4.2.16
Comment 1 Michael Shigorin 2009-06-23 20:10:50 MSD
working
Comment 2 Repository Robot 2009-06-24 13:48:06 MSD
strongswan-4.2.16-alt1 -> sisyphus:

* Tue Jun 23 2009 Michael Shigorin <mike@altlinux> 4.2.16-alt1

- 4.2.16 fixes DoS vulnerability in the ASN.1 parser;
  thanks crux@ for notification (closes: #20527)
Comment 3 Vladimir Lettiev 2009-06-25 09:27:01 MSD
closed