oss-sec mailing list archives
Re: CVE id request: strongswan
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 24 Jun 2009 10:29:00 -0400 (EDT)
On Sun, 21 Jun 2009, Nico Golde wrote:
- Applying their fuzzing tool, the Orange Labs vulnerability research team found another two DoS vulnerabilities, one in the rather old ASN.1 parser of Relative Distinguished Names (RDNs) and a second one in the conversion of ASN.1 UTCTIME and GENERALIZEDTIME strings to a time_t value. Malformed X.509 certificate RDNs or timestamps can cause the pluto IKE daemon to crash and restart.
Use CVE-2009-2185. Note that this has already been processed internally by CVE, but the change hasn't been committed yet. The CVE will show up live sometime later today. - Steve
Current thread:
- CVE id request: strongswan Nico Golde (Jun 21)
- Re: CVE id request: strongswan Steven M. Christey (Jun 24)