CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
79.7%
The compare_dn function in utils/identification.c in strongSwan 4.3.3
through 5.1.1 allows (1) remote attackers to cause a denial of service
(out-of-bounds read, NULL pointer dereference, and daemon crash) or (2)
remote authenticated users to impersonate arbitrary users and bypass access
restrictions via a crafted ID_DER_ASN1_DN ID, related to an “insufficient
length check” during identity comparison.
download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch
www.debian.org/security/2012/dsa-2789
www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html
launchpad.net/bugs/cve/CVE-2013-6075
nvd.nist.gov/vuln/detail/CVE-2013-6075
security-tracker.debian.org/tracker/CVE-2013-6075
www.cve.org/CVERecord?id=CVE-2013-6075