FreeBSD Bugzilla – Attachment 157556 Details for
Bug 200721
[patch update] security/strongswan: update to 5.3.2
[patch]
security/vuxml entry for strongswan
PR200721_strongswan_vuln_xml.diff (text/plain), 1.52 KB, created by
Jason Unovitch
on 2015-06-09 01:27:19 UTC
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 388892) >+++ vuln.xml (working copy) >@@ -57,6 +57,37 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="10d14955-0e45-11e5-b6a8-002590263bf5"> >+ <topic>strongswan -- Information Leak Vulnerability</topic> >+ <affects> >+ <package> >+ <name>strongswan</name> >+ <range><ge>4.3.0</ge><lt>5.3.2</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>strongSwan Project reports:</p> >+ <blockquote cite="http://www.strongswan.org/blog/2015/06/08/strongswan-5.3.2-released.html"> >+ <p>An information leak vulnerability was fixed that, in certain IKEv2 >+ setups, allowed rogue servers with a valid certificate accepted by >+ the client to trick it into disclosing user credentials (even plain >+ passwords if the client accepts EAP-GTC). This was caused because >+ constraints against the server's authentication were enforced too >+ late. All versions since 4.3.0 are affected.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2015-4171</cvename> >+ <url>http://www.strongswan.org/blog/2015/06/08/strongswan-5.3.2-released.html</url> >+ </references> >+ <dates> >+ <discovery>2015-06-08</discovery> >+ <entry>2015-06-09</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="838fa84a-0e25-11e5-90e4-d050996490d0"> > <topic>redis -- EVAL Lua Sandbox Escape</topic> > <affects>
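Review bot: The <topic> of the added strongswan entry, "Information Leak Vulnerability", is more generic than the text quoted in the <blockquote>, which describes a client being tricked into disclosing user credentials (plain passwords if it accepts EAP-GTC) to a rogue server holding a valid certificate. Consider a topic that names the impact, for example "strongswan -- IKEv2 client credential disclosure to rogue server", so the severity is clear from the topic line alone. The range <ge>4.3.0</ge><lt>5.3.2</lt> agrees with "All versions since 4.3.0 are affected" and with the 5.3.2 release named in the URL, and the <discovery> date matches the date in that URL, so no change is needed there. The <url> in <references> repeats the blockquote's cite attribute exactly; that is consistent, just confirm the link is the canonical one for the advisory.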