Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[MU-200809-01] strongSwan IKEv2 Denial-of-Service Vulnerability
From: noreply () mudynamics com
Date: Thu, 18 Sep 2008 16:49:51 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

strongSwan IKEv2 Denial-of-Service Vulnerability [MU-200809-01]
September 18, 2008

http://labs.mudynamics.com/advisories.html

Affected Products/Versions:

strongswan 4.2.6 and other branches

Product Overview:
strongSwan is an Open Source IPsec-based VPN Solution for the Linux operating system.

www.strongswan.org

Vulnerability Details:

An IKE_SA_INIT message with a Key Exchange payload containing a large number of
NULL values can cause a crash of the IKEv2 charon daemon. The problem is 
strongSwan dereferences a NULL pointer returned by the mpz_export() function
of the GNU Multiprecision Library (GMP).

Vendor Response / Solution:

Fixed in strongSwan 4.2.7 and other branches.
Available from www.strongswan.org/

History:

September 16, 2008 - First contact with vendor
September 17, 2008 - Vendor releases fix

See also:

http://wiki.strongswan.org/changeset/4345

Credit:

This vulnerability was discovered by the Mu Dynamics research team.

http://labs.mudynamics.com/pgpkey.txt

Mu Dynamics proactively eliminates the high cost of service, application and 
network downtime. Mu's solution automates a systematic and repeatable process 
that identifies hard-to-detect sources of potential downtime within IP services,
applications, and underlying networks. The award-winning Mu solution is deployed
at more than 100 locations, primarily at leading global service providers, cable
operators and network product vendors.  Headquartered in Sunnyvale, California, 
Mu is backed by leading venture capital firms that include Accel Partners, 
Benchmark Capital, DAG Ventures and Focus Ventures. For more information, visit
the company's website at http://www.mudynamics.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)

iD8DBQFI0tiXQLdDlEyOXHQRAuJ/AJ9p4U3ujAySZ0tJ2g9YhNknYSYmwQCdEeX+
uw0/K40Q0nsgb
 5srnRM582w=
=uK93
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [MU-200809-01] strongSwan IKEv2 Denial-of-Service Vulnerability noreply (Sep 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]