CVE-2009-2661 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-2661 Interim 1 11 2023-12-09T02:03:14Z current 2021-05-30T12:47:51Z 2023-12-09T02:03:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-2661 The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62/#ONCZEJ2OSRDB5UJWYUEBLKJ7IUHPOR62 E-Mail link for SUSE-SR:2009:016 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VMEAISLN34UWMY72L5AVPLMJAVE4JTFW/#VMEAISLN34UWMY72L5AVPLMJAVE4JTFW E-Mail link for SUSE-SR:2009:018 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 openswan-2.6.16-1.34.3 openswan-doc-2.6.16-1.34.3 strongswan-4.2.8-1.27.2 strongswan-doc-4.2.8-1.27.2 openswan-2.6.16-1.34.3 as a component of SUSE Linux Enterprise Server 11 openswan-doc-2.6.16-1.34.3 as a component of SUSE Linux Enterprise Server 11 strongswan-4.2.8-1.27.2 as a component of SUSE Linux Enterprise Server 11 strongswan-doc-4.2.8-1.27.2 as a component of SUSE Linux Enterprise Server 11 openswan-2.6.16-1.34.3 as a component of SUSE Linux Enterprise Server for SAP Applications 11 openswan-doc-2.6.16-1.34.3 as a component of SUSE Linux Enterprise Server for SAP Applications 11 strongswan-4.2.8-1.27.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 strongswan-doc-4.2.8-1.27.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185. CVE-2009-2661 SUSE Linux Enterprise Server 11:openswan-2.6.16-1.34.3 SUSE Linux Enterprise Server 11:openswan-doc-2.6.16-1.34.3 SUSE Linux Enterprise Server 11:strongswan-4.2.8-1.27.2 SUSE Linux Enterprise Server 11:strongswan-doc-4.2.8-1.27.2 SUSE Linux Enterprise Server for SAP Applications 11:openswan-2.6.16-1.34.3 SUSE Linux Enterprise Server for SAP Applications 11:openswan-doc-2.6.16-1.34.3 SUSE Linux Enterprise Server for SAP Applications 11:strongswan-4.2.8-1.27.2 SUSE Linux Enterprise Server for SAP Applications 11:strongswan-doc-4.2.8-1.27.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P