Lucene search

[email protected]CVE-2009-0790

HistoryApr 01, 2009 - 10:30 a.m.

CVE-2009-0790

2009-04-0110:30:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2009-0790

pluto ike daemon

openswan

strongswan ipsec

denial of service

remote attackers

dpd

isakmp

ipsec ike notification

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.1 High

AI Score

Confidence

High

0.834 High

EPSS

Percentile

98.5%

JSON

The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.

Affected configurations

NVD

Node

strongswanstrongswanMatch2.4.0

strongswanstrongswanMatch2.4.0a

strongswanstrongswanMatch2.4.1

strongswanstrongswanMatch2.4.2

strongswanstrongswanMatch2.4.3

strongswanstrongswanMatch2.4.4

strongswanstrongswanMatch2.6.0

strongswanstrongswanMatch2.6.1

strongswanstrongswanMatch2.6.2

strongswanstrongswanMatch2.6.3

strongswanstrongswanMatch2.6.4

strongswanstrongswanMatch2.8.0

strongswanstrongswanMatch2.8.1

strongswanstrongswanMatch2.8.2

strongswanstrongswanMatch2.8.3

strongswanstrongswanMatch2.8.4

strongswanstrongswanMatch2.8.5

strongswanstrongswanMatch2.8.6

strongswanstrongswanMatch2.8.7

strongswanstrongswanMatch2.8.8

strongswanstrongswanMatch4.2.0

strongswanstrongswanMatch4.2.1

strongswanstrongswanMatch4.2.2

strongswanstrongswanMatch4.2.3

strongswanstrongswanMatch4.2.4

strongswanstrongswanMatch4.2.5

strongswanstrongswanMatch4.2.6

strongswanstrongswanMatch4.2.7

strongswanstrongswanMatch4.2.8

strongswanstrongswanMatch4.2.9

strongswanstrongswanMatch4.2.10

strongswanstrongswanMatch4.2.11

strongswanstrongswanMatch4.2.12

strongswanstrongswanMatch4.2.13

xeleranceopenswanMatch2.4.0

xeleranceopenswanMatch2.4.1

xeleranceopenswanMatch2.4.2

xeleranceopenswanMatch2.4.3

xeleranceopenswanMatch2.4.4

xeleranceopenswanMatch2.4.5

xeleranceopenswanMatch2.4.9

xeleranceopenswanMatch2.4.10

xeleranceopenswanMatch2.6.03

xeleranceopenswanMatch2.6.04

xeleranceopenswanMatch2.6.05

xeleranceopenswanMatch2.6.06

xeleranceopenswanMatch2.6.07

xeleranceopenswanMatch2.6.08

xeleranceopenswanMatch2.6.09

xeleranceopenswanMatch2.6.10

xeleranceopenswanMatch2.6.11

xeleranceopenswanMatch2.6.12

xeleranceopenswanMatch2.6.13

xeleranceopenswanMatch2.6.14

xeleranceopenswanMatch2.6.15

xeleranceopenswanMatch2.6.16

xeleranceopenswanMatch2.6.17

xeleranceopenswanMatch2.6.18

xeleranceopenswanMatch2.6.19

xeleranceopenswanMatch2.6.20

CPENameOperatorVersion
strongswan:strongswanstrongswaneq2.4.0
strongswan:strongswanstrongswaneq2.4.0a
strongswan:strongswanstrongswaneq2.4.1
strongswan:strongswanstrongswaneq2.4.2
strongswan:strongswanstrongswaneq2.4.3
strongswan:strongswanstrongswaneq2.4.4
strongswan:strongswanstrongswaneq2.6.0
strongswan:strongswanstrongswaneq2.6.1
strongswan:strongswanstrongswaneq2.6.2
strongswan:strongswanstrongswaneq2.6.3

CPE	Name	Operator	Version
strongswan:strongswan	strongswan	eq	2.4.0
strongswan:strongswan	strongswan	eq	2.4.0a
strongswan:strongswan	strongswan	eq	2.4.1
strongswan:strongswan	strongswan	eq	2.4.2
strongswan:strongswan	strongswan	eq	2.4.3
strongswan:strongswan	strongswan	eq	2.4.4
strongswan:strongswan	strongswan	eq	2.6.0
strongswan:strongswan	strongswan	eq	2.6.1
strongswan:strongswan	strongswan	eq	2.6.2
strongswan:strongswan	strongswan	eq	2.6.3