oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE id request: strongswan

From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 21 Jun 2009 19:25:25 +0200
Hi,
the latest release fixes two new denial of service issues. 
From the changelog:
- Applying their fuzzing tool, the Orange Labs vulnerability research team
  found another two DoS vulnerabilities, one in the rather old ASN.1 parser
  of Relative Distinguished Names (RDNs) and a second one in the conversion
  of ASN.1 UTCTIME and GENERALIZEDTIME strings to a time_t value.
  Malformed X.509 certificate RDNs or timestamps can cause the pluto IKE
  daemon to crash and restart.

Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533837
Upstream patches:
http://download.strongswan.org/patches/05_asn1_rdn_patch/
http://download.strongswan.org/patches/06_asn1_time_patch/

Can I get two CVE ids for this please?

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: