Lucene search
UbuntuUSN-2628-1HistoryJun 08, 2015 - 12:00 a.m.
strongSwan vulnerability
2015-06-0800:00:00
ubuntu.com
34
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
7.9
Confidence
High
EPSS
0.005
Percentile
76.3%
Releases
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 ESM
Packages
- strongswan - IPsec VPN solution
Details
Alexander E. Patrakov discovered that strongSwan incorrectly handled
certain IKEv2 setups. A malicious server could possibly use this issue to
obtain user credentials.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 15.04 | noarch | strongswan-ike | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | libstrongswan | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | libstrongswan-dbgsym | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | strongswan | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | strongswan-dbg | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | strongswan-ike-dbgsym | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | strongswan-ikev1 | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | strongswan-ikev2 | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | strongswan-nm | < 5.1.2-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 15.04 | noarch | strongswan-nm-dbgsym | < 5.1.2-0ubuntu5.2 | UNKNOWN |
References
Related
ibm
ibm
openvas
openvas
Debian Security Advisory DSA 3282-1 (strongswan - security update)
2015-06-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1196-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:1791-1)
2021-06-09 00:00:00
nessus
nessus
Debian DSA-3282-1 : strongswan - security update
2015-06-09 00:00:00
SUSE SLED11 / SLES11 Security Update : strongswan (SUSE-SU-2015:1227-1)
2015-07-14 00:00:00
cvelist
cvelist
CVE-2015-4171
2015-06-10 18:00:00
osv
osv
strongswan - security update
2015-06-12 00:00:00
strongswan - security update
2015-06-08 00:00:00
prion
prion
Authentication flaw
2015-06-10 18:59:00
cve
cve
CVE-2015-4171
2015-06-10 18:59:09
securityvulns
securityvulns
StrongSwan certificate spoofing
2015-06-08 00:00:00
[SECURITY] [DSA 3282-1] strongswan security update
2015-06-08 00:00:00
ubuntucve
ubuntucve
CVE-2015-4171
2015-06-08 00:00:00
debiancve
debiancve
CVE-2015-4171
2015-06-10 18:59:09
freebsd
freebsd
strongswan -- Information Leak Vulnerability
2015-06-08 00:00:00
debian
debian
[SECURITY] [DLA 244-1] strongswan security update
2015-06-12 05:47:06
[SECURITY] [DSA 3282-1] strongswan security update
2015-06-08 14:44:16
nvd
nvd
CVE-2015-4171
2015-06-10 18:59:09
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
7.9
Confidence
High
EPSS
0.005
Percentile
76.3%
Related for USN-2628-1