Wind River Support Network

HomeDefectsLIN4-20842
Fixed

LIN4-20842 : Security Advisory - strongswan - CVE-2013-6075

Created: Nov 5, 2013    Updated: Mar 10, 2016
Resolved Date: Dec 16, 2013
Previous ID: CGP5-1017
Found In Version: 4.3
Fix Version: 4.3.0.23
Severity: Severe
Applicable for: Wind River Linux 4
Component/s: Userspace

Description

The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.

see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075

Steps to Reproduce

wrl 5.0.1

Other Downloads


Live chat
Online