Security Updates For Strongswan

3 June 2009, 11:40

Security Updates for strongSwan

"The developers of strongSwan, the free IPsec implementation, have released new versions and patches to eliminate two denial of service vulnerabilities in the IKEv2 Charon, key exchange daemon. One vulnerability allows a malformed IKE_SA_INIT request to leave the Charon daemon in an incomplete state, which could lead to a crash if CREATE_CHILD_SA was received later. The other vulnerability could be triggered by a malformed IKE_AUTH request that was missing its traffic selector payload, which would also cause the IKEv2 Charon to crash.

In practice, these vulnerabilities could lead to deterioration in existing VPN connections and, if repeated, cause communications to come to a halt. The problem affects versions of strongSwan 4.1.0 to 4.3.0. Fixes are included in versions 4.2.15 and 4.3.1 which are available to download and patches have also been published."

Heise security -
