#20527 – CVE-2009-2185 DoS vulnerability in the ASN.1 parser

Bug 20527 - CVE-2009-2185 DoS vulnerability in the ASN.1 parser

Summary: CVE-2009-2185 DoS vulnerability in the ASN.1 parser

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	strongswan (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Michael Shigorin
QA Contact:	qa-sisyphus

URL:	http://download.strongswan.org/CHANGE...
Keywords:	security

Depends on:
Blocks:

Reported:	2009-06-21 23:07 MSD by Vladimir Lettiev
Modified:	2009-06-25 09:27 MSD (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2009-06-21 23:07:24 MSD

Applying their fuzzing tool, the Orange Labs vulnerability research team
found a Denial-of-Service vulnerability in the parsing of ASN.1 Relative
Distinguished Names (RDNs). Malformed X.509 certificate RDNs can cause
the pluto and charon IKE daemons to crash and restart.

Fix availiable in the new version 4.2.16

Comment 1 Michael Shigorin 2009-06-23 20:10:50 MSD

arbeiten

Comment 2 Repository Robot 2009-06-24 13:48:06 MSD

strongswan-4.2.16-alt1 -> sisyphus:

* Tue Jun 23 2009 Michael Shigorin <mike@altlinux> 4.2.16-alt1

- 4.2.16 fixes DoS vulnerability in the ASN.1 parser;
  thanks crux@ for notification (closes: #20527)

Comment 3 Vladimir Lettiev 2009-06-25 09:27:01 MSD

closed