Mandrake: freeswan Multiple vulnerabilities
Posted by LinuxSecurity.com Team   
This patch resolves a DN impersonation attack as well as a denial of service.

Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           freeswan
 Advisory ID:            MDKSA-2004:070
 Date:                   July 14th, 2004

 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Thomas Walpuski discovered a vulnerability in the X.509 handling of
 super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509
 patch applied.  This vulnerability allows an attacker to make up their
 own Certificate Authority that can allow them to impersonate the
 identity of a valid DN.  As well, another hole exists in the CA
 checking code that could create an endless loop in certain instances.
 
 Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan
 to upgrade to the updated packages which are patched to correct these
 flaws.
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0590
   http://lists.openswan.org/pipermail/dev/2004-June/000369.html
   http://www.openswan.org/support/vuln/can-2004-0590/
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 6c597ac14ac13e281d2f685e01cfb120  10.0/RPMS/freeswan-2.04-3.1.100mdk.i586.rpm
 72975d40cd986612150eca445d123c69  10.0/RPMS/super-freeswan-1.99.8-8.1.100mdk.i586.rpm
 d26a97f445182fd6d37da1f0cb8b3a4a  10.0/RPMS/super-freeswan-doc-1.99.8-8.1.100mdk.i586.rpm
 6428713ada795017334807aae1b8b9e1  10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
 0a8ea26452bf9275aca1f1b95c9997cc  10.0/SRPMS/super-freeswan-1.99.8-8.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 3ae552614dc10d672956e82cc062ef40  amd64/10.0/RPMS/freeswan-2.04-3.1.100mdk.amd64.rpm
 46d4b962019ca063a938057a817a015b  amd64/10.0/RPMS/super-freeswan-1.99.8-8.1.100mdk.amd64.rpm
 143b47584e409e517f2462a2311b37d8  amd64/10.0/RPMS/super-freeswan-doc-1.99.8-8.1.100mdk.amd64.rpm
 6428713ada795017334807aae1b8b9e1  amd64/10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
 0a8ea26452bf9275aca1f1b95c9997cc  amd64/10.0/SRPMS/super-freeswan-1.99.8-8.1.100mdk.src.rpm

 Corporate Server 2.1:
 5b7577b574dcbb4244f08546aa45f372  corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.i586.rpm
 9b95691493ac84ad3ddce6f10f24ea0f  corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 3dfdb78ce29582b6734f61c2c0973936  x86_64/corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.x86_64.rpm
 9b95691493ac84ad3ddce6f10f24ea0f  x86_64/corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm

 Mandrakelinux 9.1:
 1093013e9c096abc37376c121c61c129  9.1/RPMS/freeswan-1.99-3.1.91mdk.i586.rpm
 c186b6edc304f4c8543ff7acb93fbca4  9.1/SRPMS/freeswan-1.99-3.1.91mdk.src.rpm

 Mandrakelinux 9.2:
 193ed47d74da8b50811e2103fffef056  9.2/RPMS/freeswan-2.01-2.1.92mdk.i586.rpm
 5a5c99eedc7a9df65b8d4e3d02501cfe  9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 45a782c82322e0f7c4377118475d5036  amd64/9.2/RPMS/freeswan-2.01-2.1.92mdk.amd64.rpm
 5a5c99eedc7a9df65b8d4e3d02501cfe  amd64/9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 023520bddf59be203bda9eba76d29033  mnf8.2/RPMS/freeswan-1.98b-2.2.M82mdk.i586.rpm
 d0d04c3d0a1842ab7cbfc8eae726113a  mnf8.2/SRPMS/freeswan-1.98b-2.2.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.
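
 For packages fetched by hand rather than through MandrakeUpdate or urpmi,
 the checksum listing above can be checked with a short script. This is an
 added example, not part of the Mandrakesoft advisory; the function name and
 the idea of saving the advisory to a text file are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory).
# check_advisory_md5 ADVISORY_FILE RPM_DIR
#   Reads the "<md5>  <path>.rpm" lines laid out under "Updated Packages",
#   looks for each package by file name in RPM_DIR and compares MD5 sums.
#   Prints one status line per package found. Returns 0 only if at least
#   one package was checked and none mismatched.
check_advisory_md5() {
    advisory=$1
    dir=$2
    checked=0
    bad=0
    # Keep only lines of the form: <32 hex digits> <path ending in .rpm>.
    # Platform headings ("Mandrakelinux 10.0:") and prose are skipped.
    # The same SRPM is listed once per architecture, so de-duplicate.
    list=$(awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
                    n = split($2, parts, "/"); print $1, parts[n] }' "$advisory" | sort -u)
    while read -r want name; do
        [ -n "$name" ] || continue
        [ -f "$dir/$name" ] || continue      # not downloaded: nothing to check
        have=$(md5sum "$dir/$name" | awk '{print $1}')
        checked=$((checked + 1))
        if [ "$have" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name (advisory $want, file $have)"
            bad=$((bad + 1))
        fi
    done <<EOF
$list
EOF
    # An empty directory must not count as a pass.
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage (file and directory names are placeholders):
#   check_advisory_md5 advisory.txt ./downloads
```

 A matching MD5 only shows that the file is the one the advisory lists; the
 GPG signature is what ties the package to Mandrakesoft, and it can be checked
 with rpm --checksig once the key below has been imported.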

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

   http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 