CVE-2011-4073
Published: 17 November 2011
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openswan Launchpad, Ubuntu, Debian |
hardy |
Released
(1:2.4.9+dfsg-1ubuntu0.1)
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Released
(1:2.6.28+dfsg-5squeeze1build0.11.04.1)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Not vulnerable
(1:2.6.37-1)
|
|
| quantal |
Not vulnerable
(1:2.6.37-1)
|
|
| raring |
Not vulnerable
(1:2.6.37-1)
|
|
| saucy |
Not vulnerable
(1:2.6.37-1)
|
|
| upstream |
Released
(2.6.37)
|
|
|
Patches: upstream: http://openswan.org/download/CVE-2011-4073/openswan-2.x.x-CVE-2011-4073.patch vendor: http://www.debian.org/security/2011/dsa-2374 |
||