Bug 1095487 (CVE-2014-2891)

Summary: CVE-2014-2891 strongswan: denial of service via crafted ID_DER_ASN1_DN_ID payload
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: avagarwa, jkurik, psimerda, pwouters
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: strongswan 5.1.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-05-07 20:26:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Vincent Danen 2014-05-07 20:22:41 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-2891 to
the following vulnerability:

Name: CVE-2014-2891
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2891
Assigned: 20140417
Reference: http://www.strongswan.org/blog/2014/05/05/strongswan-denial-of-service-vulnerability-(cve-2014-2891).html
Reference: DEBIAN:DSA-2922
Reference: http://www.debian.org/security/2014/dsa-2922
Reference: http://www.securityfocus.com/bid/67212

strongSwan before 5.1.3 allows remote attackers to cause a denial of
service (NULL pointer dereference and IKE daemon crash) via a crafted
ID_DER_ASN1_DN ID payload.


NOTE: MITRE has the wrong description; this was corrected in strongSwan 5.1.2.

Current Fedora and EPEL 6 releases contain strongSwan 5.1.3 which is not vulnerable to this issue.  This also does not affect the versions of openswan or libreswan as shipped in Red Hat Enterprise Linux or Fedora.


Statement:

Not vulnerable. This issue did not affect the versions of openswan as shipped with Red Hat Enterprise Linux 5 and 6.