Mandriva Linux Security Advisory 2013-231 - Multiple vulnerabilities has been discovered and corrected in openswan. The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the in many distributions and the upstream version, this tool has been disabled. The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted R_U_THERE_ACK Dead Peer Detection IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD. Various other issues have also been addressed.
fb07f53fcbc6401898ba4775ff34c35ba6bd0724b1aaf7b8955e48769191fdc6
Gentoo Linux Security Advisory GLSA 200909-05 - Multiple vulnerabilities in the pluto IKE daemon of Openswan might allow remote attackers to cause a Denial of Service. Versions less than 2.4.15 are affected.
dc82cd23ab45cea7322425270ef367bfb55a717c6478211749f633c797080928
Debian Security Advisory 1760-1 - Two vulnerabilities have been discovered in openswan, an IPSec implementation for linux.
2c2aa3345edfeb4b31239b8671abeebadc6d458161424f2e9b565f1d82a519da
Debian Security Advisory 1759-1 - Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an IPSec implementation for linux, is prone to a denial of service attack via a malicious packet.
e50f4c4bdee473b2d0a12ed6e6e7f625f317c6e610e2d3965a17d7d06d62af8d
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
4ceadb0aa155d910f1986bd9f636d87644d75b68308d787fad07689d7bc0817f
Openswan versions 2.6.20 and below and Strongswan versions 4.2.13 and below suffer from a Dead Peer Detection denial of service vulnerability.
f54e2eb6a321fda0ffc703dd3f3a2af930e2a7924acef3fa72d65f80e868505a