Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-0790

The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9, allows remote attackers to cause a denial of service (daemon crash and restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer dereference related to inconsistent ISAKMP state and the lack of a phase2 state association in DPD.

Published

2009-04-01T10:30:00.267

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	strongswan	strongswan	2.4.0	Yes
Application	strongswan	strongswan	2.4.0a	Yes
Application	strongswan	strongswan	2.4.1	Yes
Application	strongswan	strongswan	2.4.2	Yes
Application	strongswan	strongswan	2.4.3	Yes
Application	strongswan	strongswan	2.4.4	Yes
Application	strongswan	strongswan	2.6.0	Yes
Application	strongswan	strongswan	2.6.1	Yes
Application	strongswan	strongswan	2.6.2	Yes
Application	strongswan	strongswan	2.6.3	Yes
Application	strongswan	strongswan	2.6.4	Yes
Application	strongswan	strongswan	2.8.0	Yes
Application	strongswan	strongswan	2.8.1	Yes
Application	strongswan	strongswan	2.8.2	Yes
Application	strongswan	strongswan	2.8.3	Yes
Application	strongswan	strongswan	2.8.4	Yes
Application	strongswan	strongswan	2.8.5	Yes
Application	strongswan	strongswan	2.8.6	Yes
Application	strongswan	strongswan	2.8.7	Yes
Application	strongswan	strongswan	2.8.8	Yes
Application	strongswan	strongswan	4.2.0	Yes
Application	strongswan	strongswan	4.2.1	Yes
Application	strongswan	strongswan	4.2.2	Yes
Application	strongswan	strongswan	4.2.3	Yes
Application	strongswan	strongswan	4.2.4	Yes
Application	strongswan	strongswan	4.2.5	Yes
Application	strongswan	strongswan	4.2.6	Yes
Application	strongswan	strongswan	4.2.7	Yes
Application	strongswan	strongswan	4.2.8	Yes
Application	strongswan	strongswan	4.2.9	Yes
Application	strongswan	strongswan	4.2.10	Yes
Application	strongswan	strongswan	4.2.11	Yes
Application	strongswan	strongswan	4.2.12	Yes
Application	strongswan	strongswan	4.2.13	Yes
Application	xelerance	openswan	2.4.0	Yes
Application	xelerance	openswan	2.4.1	Yes
Application	xelerance	openswan	2.4.2	Yes
Application	xelerance	openswan	2.4.3	Yes
Application	xelerance	openswan	2.4.4	Yes
Application	xelerance	openswan	2.4.5	Yes
Application	xelerance	openswan	2.4.9	Yes
Application	xelerance	openswan	2.4.10	Yes
Application	xelerance	openswan	2.6.03	Yes
Application	xelerance	openswan	2.6.04	Yes
Application	xelerance	openswan	2.6.05	Yes
Application	xelerance	openswan	2.6.06	Yes
Application	xelerance	openswan	2.6.07	Yes
Application	xelerance	openswan	2.6.08	Yes
Application	xelerance	openswan	2.6.09	Yes
Application	xelerance	openswan	2.6.10	Yes
Application	xelerance	openswan	2.6.11	Yes
Application	xelerance	openswan	2.6.12	Yes
Application	xelerance	openswan	2.6.13	Yes
Application	xelerance	openswan	2.6.14	Yes
Application	xelerance	openswan	2.6.15	Yes
Application	xelerance	openswan	2.6.16	Yes
Application	xelerance	openswan	2.6.17	Yes
Application	xelerance	openswan	2.6.18	Yes
Application	xelerance	openswan	2.6.19	Yes
Application	xelerance	openswan	2.6.20	Yes

References

http://download.strongswan.org/CHANGES4.txt Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html ([email protected])
http://secunia.com/advisories/34472 Vendor Advisory ([email protected])
http://secunia.com/advisories/34483 Vendor Advisory ([email protected])
http://secunia.com/advisories/34494 Vendor Advisory ([email protected])
http://secunia.com/advisories/34546 Vendor Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1759 Patch ([email protected])
http://www.debian.org/security/2009/dsa-1760 Patch ([email protected])
http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0402.html ([email protected])
http://www.securityfocus.com/archive/1/502270/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/34296 Patch ([email protected])
http://www.securitytracker.com/id?1021949 ([email protected])
http://www.securitytracker.com/id?1021950 ([email protected])
http://www.vupen.com/english/advisories/2009/0886 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/49523 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171 ([email protected])
http://download.strongswan.org/CHANGES4.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34472 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34483 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34494 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34546 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1759 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1760 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.openswan.org/CVE-2009-0790/CVE-2009-0790.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0402.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/502270/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/34296 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021949 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021950 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0886 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49523 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11171 (af854a3a-2127-422b-91ae-364da2661108)