Bug 1054022 (CVE-2013-7294)
| Field | Value |
|---|---|
| Summary | CVE-2013-7294 libreswan: DoS via an IKEv2 I1 notification |
| Product | [Other] Security Response |
| Reporter | Ratul Gupta <ratulg> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED CURRENTRELEASE |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | jkurik, pfrields, pwouters |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Fixed In Version | libreswan 3.7 |
| Doc Type | Bug Fix |
| Story Points | --- |
| Last Closed | 2015-02-19 21:42:56 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 1054024 |
| Bug Blocks | 1054025 |
Description

Ratul Gupta, 2014-01-16 06:00:28 UTC

Who created this CVE number? It is wrong. This is covered in CVE-2013-6467. The openswan CVE for this is CVE-2013-6466. See: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt

Sorry, my bad. This is referring to the _previous_ CVE. While openswan had the same bug, it could not cause a problem because of the check of the IKE packet size versus the described length. In libreswan 3.7, this check has more conditionals due to an added IKE padding feature, thus exposing the vulnerable code in some cases. So there is no openswan CVE for libreswan CVE-2013-7294.

This was addressed in the release of RHEL 7.