CVE-2013-5018

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-5018 at MITRE

Description

The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Novell/SUSE information

Novell Bugzilla entry: 833278

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References

SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • strongswan >= 4.4.0-6.15.1
  • strongswan-doc >= 4.4.0-6.15.1
Builds
ZYPP Patch Nr: 8728

SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • strongswan >= 4.4.0-6.21.1
  • strongswan-doc >= 4.4.0-6.21.1
Builds
SAT Patch Nr: 8488

SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • strongswan >= 4.4.0-6.21.1
  • strongswan-doc >= 4.4.0-6.21.1
Builds
SAT Patch Nr: 8489

© 2014 Novell