English | Deutsch | Español
 
Inicial ▼
Página inicial Acerca Nuestro Contáctenos Privacidad Programas de Asociados Testimonios En la Prensa Listas de Correos Abuso Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
 
Auditorias ▼
Inicial Dedicada Avanzada Estándar Periódica Sin Riesgo Escritorio Básica Sello FAQ Resumen de Precio/Funciones Ordenar Nuevas Pruebas Todas las Pruebas Confidencialidad Búsqueda de Vulnerabilidad Ejecutar Auditoría Programador IP Permissions Auditorías Personalizadas Cola Recordatorio Sellos Informes Estilos de Informes
DNS
Administrado ▼
Acerca de DNS Ordenar/Renovar Preguntas Frecuentes AUP Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password
Monitoreo
de Redes ▼
Enterprise Avanzado Estándarr Prueba Preguntas Frecuentes Resumen de Precio/Funciones Ordenar Muestras
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Iniciar sesión/Registrarse 
 
 Búsqueda de    
Vulnerabilidad   		     Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.63711
Categoría:Red Hat Local Security Checks
Título:RedHat Security Advisory RHSA-2009:0402
Resumen:NOSUMMARY
Descripción:Description:
The remote host is missing updates announced in
advisory RHSA-2009:0402.

Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in
Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD
packet to crash the pluto daemon. (CVE-2009-0790)

It was discovered that Openswan's livetest script created temporary files
in an insecure manner. A local attacker could use this flaw to overwrite
arbitrary files owned by the user running the script. (CVE-2008-4190)

Note: The livetest script is an incomplete feature and was not
automatically executed by any other script distributed with Openswan, or
intended to be used at all, as was documented in its man page. In these
updated packages, the script only prints an informative message and exits
immediately when run.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-0402.html
http://www.redhat.com/security/updates/classification/#important

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4190
BugTraq ID: 31243
http://www.securityfocus.com/bid/31243
Bugtraq: 20090310 Re: [ GLSA 200903-18 ] Openswan: Insecure temporary file creation (Google Search)
http://www.securityfocus.com/archive/1/501624/100/0/threaded
http://www.securityfocus.com/archive/1/501640/100/0/threaded
Debian Security Information: DSA-1760 (Google Search)
http://www.debian.org/security/2009/dsa-1760
https://www.exploit-db.com/exploits/9135
http://www.openwall.com/lists/oss-security/2008/10/30/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10078
http://www.redhat.com/support/errata/RHSA-2009-0402.html
http://secunia.com/advisories/34182
http://secunia.com/advisories/34472
XForce ISS Database: openswan-livetest-symlink(45250)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45250
Common Vulnerability Exposure (CVE) ID: CVE-2009-0790
BugTraq ID: 34296
http://www.securityfocus.com/bid/34296
Bugtraq: 20090330 CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec (Google Search)
http://www.securityfocus.com/archive/1/502270/100/0/threaded
Debian Security Information: DSA-1759 (Google Search)
http://www.debian.org/security/2009/dsa-1759
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171
http://www.securitytracker.com/id?1021949
http://www.securitytracker.com/id?1021950
http://secunia.com/advisories/34483
http://secunia.com/advisories/34494
http://secunia.com/advisories/34546
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.vupen.com/english/advisories/2009/0886
XForce ISS Database: openswan-strongswan-dpd-dos(49523)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49523
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.



© 1998-2024 E-Soft Inc. Todos los derechos reservados.