Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2009-2185

Disclosure Date: June 25, 2009
CVE-2009-2185
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1_parser.c) in (a) strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and (b) openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service (pluto IKE daemon crash) via an X.509 certificate with (1) crafted Relative Distinguished Names (RDNs), (2) a crafted UTCTIME string, or (3) a crafted GENERALIZEDTIME string.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • strongswan,
  • xelerance

Products

  • openswan 2.4.0,
  • openswan 2.4.1,
  • openswan 2.4.10,
  • openswan 2.4.2,
  • openswan 2.4.3,
  • openswan 2.4.4,
  • openswan 2.4.5,
  • openswan 2.4.9,
  • openswan 2.6.03,
  • openswan 2.6.04,
  • openswan 2.6.05,
  • openswan 2.6.06,
  • openswan 2.6.07,
  • openswan 2.6.08,
  • openswan 2.6.09,
  • openswan 2.6.10,
  • openswan 2.6.11,
  • openswan 2.6.12,
  • openswan 2.6.13,
  • openswan 2.6.14,
  • openswan 2.6.15,
  • openswan 2.6.16,
  • openswan 2.6.17,
  • openswan 2.6.18,
  • openswan 2.6.19,
  • openswan 2.6.20,
  • strongswan 2.8.0,
  • strongswan 2.8.1,
  • strongswan 2.8.10,
  • strongswan 2.8.2,
  • strongswan 2.8.3,
  • strongswan 2.8.4,
  • strongswan 2.8.5,
  • strongswan 2.8.6,
  • strongswan 2.8.7,
  • strongswan 2.8.8,
  • strongswan 2.8.9,
  • strongswan 4.1,
  • strongswan 4.2.0,
  • strongswan 4.2.1,
  • strongswan 4.2.10,
  • strongswan 4.2.11,
  • strongswan 4.2.12,
  • strongswan 4.2.13,
  • strongswan 4.2.14,
  • strongswan 4.2.15,
  • strongswan 4.2.2,
  • strongswan 4.2.3,
  • strongswan 4.2.4,
  • strongswan 4.2.5,
  • strongswan 4.2.6,
  • strongswan 4.2.7,
  • strongswan 4.2.8,
  • strongswan 4.2.9,
  • strongswan 4.3.0,
  • strongswan 4.3.1

References

Canonical
CVE-2009-2185 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2185)
BID-35452 (http://www.securityfocus.com/bid/35452)
Advisory
ADV-2009-1639 (http://www.vupen.com/english/advisories/2009/1639)
SECUNIA-35740 (http://secunia.com/advisories/35740)
http://www.ingate.com/Relnote.php?ver=481
SECTRACK-1022428 (http://www.securitytracker.com/id?1022428)
http://www.redhat.com/support/errata/RHSA-2009-1138.html
ADV-2009-1706 (http://www.vupen.com/english/advisories/2009/1706)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11079
SECUNIA-36950 (http://secunia.com/advisories/36950)
SECUNIA-35522 (http://secunia.com/advisories/35522)
SECUNIA-36922 (http://secunia.com/advisories/36922)
SECUNIA-37504 (http://secunia.com/advisories/37504)
DSA-1899 (http://www.debian.org/security/2009/dsa-1899)
http://download.strongswan.org/CHANGES42.txt
http://download.strongswan.org/CHANGES2.txt
http://up2date.astaro.com/2009/07/up2date_7404_released.html
DSA-1898 (http://www.debian.org/security/2009/dsa-1898)
ADV-2009-1829 (http://www.vupen.com/english/advisories/2009/1829)
FEDORA-2009-7478 (https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00337.html)
SECUNIA-35698 (http://secunia.com/advisories/35698)
ADV-2009-3354 (http://www.vupen.com/english/advisories/2009/3354)
http://download.strongswan.org/CHANGES4.txt
FEDORA-2009-7423 (https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00264.html)
SECUNIA-35804 (http://secunia.com/advisories/35804)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis