Vulnerability Bulletins

Vulnerability in the X.509 support of FreeS/WAN, superfreeswan, openswan and strongswan
Vulnerability classification

| Property | Value |
|---|---|
| Confidence level | Official |
| Impact | Gain access |
| Difficulty | Expert |
| Required attacker level | Remote, unauthenticated access to an exotic service |
System information

| Property | Value |
|---|---|
| Affected manufacturer | GNU/Linux |
| Affected software | see list below |

Affected software:

- superfreeswan 1.x with the X.509 patch
- openswan 1.x < 1.0.6
- openswan 2.x < 2.1.4
- strongSwan < 2.1.3
- FreeS/WAN 1.x with X.509 patch < 0.9.41
- FreeS/WAN 2.x with X.509 patch < 1.6.1
Description

A vulnerability has been discovered in superfreeswan, openswan, strongSwan and FreeS/WAN with the X.509 patch applied. The vulnerability lies in the handling of X.509 certificates. Exploiting it could allow a remote attacker to create their own Certificate Authority (CA) and thereby impersonate a valid DN. Additionally, a vulnerability in the code that verifies a CA could cause it to enter an infinite loop under certain circumstances.
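As an added illustration (not code from this bulletin or from any of the affected projects), the following simplified model shows the two properties a certificate path validator must have to avoid the failure modes described above: a chain is accepted only when it reaches a CA the administrator configured as trusted, so a self-signed CA that an attacker created cannot vouch for a DN, and the issuer walk is cycle-checked and bounded so it cannot loop forever. The `Cert` model, the store and all DNs are constructed for the example; signature and validity checks are assumed to happen elsewhere.

```python
from dataclasses import dataclass

MAX_PATH_LEN = 8  # hard bound on how many issuer links are followed

@dataclass(frozen=True)
class Cert:
    subject: str  # subject DN
    issuer: str   # issuer DN
    is_ca: bool   # basicConstraints CA flag

def verify_chain(peer, available, trusted_cas):
    """Walk issuer links upward from the peer certificate.

    Returns (accepted, reason). Signature and validity-period checks
    are assumed to happen elsewhere; only the path logic is modelled.
    """
    seen = set()
    cert = peer
    for _ in range(MAX_PATH_LEN):
        if cert.subject in seen:
            return False, "issuer loop detected at %s" % cert.subject
        seen.add(cert.subject)
        if cert.issuer in trusted_cas:  # reached a configured CA
            return True, "chain anchored at %s" % cert.issuer
        issuer = available.get(cert.issuer)
        if issuer is None:
            return False, "issuer %s unknown" % cert.issuer
        if not issuer.is_ca:
            return False, "issuer %s is not a CA" % issuer.subject
        if issuer.subject == issuer.issuer:  # self-signed but not trusted
            return False, "self-signed %s is not a configured CA" % issuer.subject
        cert = issuer
    return False, "chain longer than %d links" % MAX_PATH_LEN

# Constructed sample certificates; the DNs are invented for this example.
TRUSTED_CAS = {"CN=Corp Root CA"}
STORE = {c.subject: c for c in [
    Cert("CN=Corp Sub CA", "CN=Corp Root CA", True),
    Cert("CN=Rogue CA", "CN=Rogue CA", True),  # attacker-made root
    Cert("CN=Loop A", "CN=Loop B", True),      # cyclic issuer pair
    Cert("CN=Loop B", "CN=Loop A", True),
]}
LEGIT = Cert("CN=gateway1", "CN=Corp Sub CA", False)
SPOOF = Cert("CN=gateway1", "CN=Rogue CA", False)  # same DN, rogue CA
LOOPED = Cert("CN=gateway2", "CN=Loop A", False)

if __name__ == "__main__":
    for c in (LEGIT, SPOOF, LOOPED):
        print(c.subject, "via", c.issuer, "->", verify_chain(c, STORE, TRUSTED_CAS))
```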
|
Solution

If you wish, apply your distribution's own update mechanisms, or download the software sources and compile them yourself.

Software updates

Openswan
- Openswan patch: http://anoncvs.openswan.org/cgi-bin/viewcvs.cgi/openswan-1/pluto/x509.c.diff?r1=1.23&r2=1.25&diff_format=u
- Openswan 1.0.6 and Openswan 2.1.4: http://www.openswan.org/code/

Strongswan
- Strongswan 2.1.3: http://www.strongswan.org/download.htm

Mandrake Linux
- Mandrakelinux 9.1 x86:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/RPMS/freeswan-1.99-3.1.91mdk.i586.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.1/SRPMS/freeswan-1.99-3.1.91mdk.src.rpm
- Mandrakelinux 9.2 x86:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/RPMS/freeswan-2.01-2.1.92mdk.i586.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm
- Mandrakelinux 9.2 AMD64:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/RPMS/freeswan-2.01-2.1.92mdk.amd64.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm
- Mandrakelinux 10.0 x86:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/freeswan-2.04-3.1.100mdk.i586.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.i586.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.i586.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm
- Mandrakelinux 10.0 AMD64:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/freeswan-2.04-3.1.100mdk.amd64.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.amd64.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.amd64.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm
- Multi Network Firewall 8.2 x86:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/RPMS/freeswan-1.98b-2.2.M82mdk.i586.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf8.2/SRPMS/freeswan-1.98b-2.2.M82mdk.src.rpm
- Corporate Server 2.1 x86:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.i586.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm
- Corporate Server 2.1 x86_64:
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.x86_64.rpm
  - ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm
|
Standard resources

| Property | Value |
|---|---|
| CVE | CAN-2004-0590 |
| BID | |

Other resources

- Openswan Advisory: http://www.openswan.org/support/vuln/can-2004-0590/
- Mandrakesoft Security Advisory MDKSA-2004:070: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:070
- Mandrakesoft Security Advisory MDKSA-2004:070-1: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:070-1
Version history

| Version | Comments | Date |
|---|---|---|
| 1.0 | Advisory issued | 2004-07-15 |
| 1.1 | Advisory updated by Mandrake (MDKSA-2004:070-1) | 2004-09-22 |