Bug 847509 (CVE-2013-6076) - VUL-0: CVE-2013-6076: strongswan remote DoS
Summary: VUL-0: CVE-2013-6076: strongswan remote DoS
Status: RESOLVED FIXED
Alias: CVE-2013-6076
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2013-10-24 15:49 UTC by Victor Pereira
Modified: 2014-01-14 08:35 UTC
Found By: Security Response Team
Description Victor Pereira 2013-10-24 15:49:16 UTC
CVE-2013-6076

The bug can be triggered by a crafted IKEv1 fragmentation payload and is
caused by a NULL pointer dereference. If the daemon has any IKEv1 or
mixed connections configured, a crafted payload can result in a crash of
the IKE daemon. Using the flaw for attacks other than DoS, such as code
injection, is not possible.
Comment 1 Marcus Meissner 2013-10-25 06:33:37 UTC
Affected are strongSwan versions 5.0.2 and newer.

CRD is November 1st, 1200 UTC
Comment 2 Swamp Workflow Management 2013-10-25 22:00:07 UTC
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2013-11-01 13:00:27 UTC
This is an autogenerated message for OBS integration:
This bug (847509) was mentioned in
https://build.opensuse.org/request/show/205541 Factory / strongswan
Comment 7 Marcus Meissner 2014-01-14 08:35:38 UTC
Also in 13.1. 12.3 has 5.0.1, so is not affected.