CVE-2011-4073
Published: 17 November 2011
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Priority
Status
Package | Release | Status |
---|---|---|
openswan (Launchpad, Ubuntu, Debian) | hardy | Released (1:2.4.9+dfsg-1ubuntu0.1) |
 | lucid | Ignored (end of life) |
 | maverick | Ignored (end of life) |
 | natty | Released (1:2.6.28+dfsg-5squeeze1build0.11.04.1) |
 | oneiric | Ignored (end of life) |
 | precise | Not vulnerable (1:2.6.37-1) |
 | quantal | Not vulnerable (1:2.6.37-1) |
 | raring | Not vulnerable (1:2.6.37-1) |
 | saucy | Not vulnerable (1:2.6.37-1) |
 | upstream | Released (2.6.37) |
Patches:
upstream: http://openswan.org/download/CVE-2011-4073/openswan-2.x.x-CVE-2011-4073.patch
vendor: http://www.debian.org/security/2011/dsa-2374