CVE-2011-4073

EUVD-2011-4025
Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
xeleranceopenswan
2.3.0
xeleranceopenswan
2.3.1
xeleranceopenswan
2.4.0
xeleranceopenswan
2.4.1
xeleranceopenswan
2.4.2
xeleranceopenswan
2.4.3
xeleranceopenswan
2.4.4
xeleranceopenswan
2.4.5
xeleranceopenswan
2.4.6
xeleranceopenswan
2.4.7
xeleranceopenswan
2.4.8
xeleranceopenswan
2.4.9
xeleranceopenswan
2.4.10
xeleranceopenswan
2.4.11
xeleranceopenswan
2.4.12
xeleranceopenswan
2.4.13
xeleranceopenswan
2.5.0
xeleranceopenswan
2.5.0:sbs4
xeleranceopenswan
2.5.0:sbs5
xeleranceopenswan
2.5.01
xeleranceopenswan
2.5.02
xeleranceopenswan
2.5.03
xeleranceopenswan
2.5.04
xeleranceopenswan
2.5.05
xeleranceopenswan
2.5.06
xeleranceopenswan
2.5.07
xeleranceopenswan
2.5.08
xeleranceopenswan
2.5.09
xeleranceopenswan
2.5.10
xeleranceopenswan
2.5.11
xeleranceopenswan
2.5.12
xeleranceopenswan
2.5.13
xeleranceopenswan
2.5.14
xeleranceopenswan
2.5.15
xeleranceopenswan
2.5.16
xeleranceopenswan
2.5.17
xeleranceopenswan
2.5.18
xeleranceopenswan
2.6.01
xeleranceopenswan
2.6.02
xeleranceopenswan
2.6.03
xeleranceopenswan
2.6.04
xeleranceopenswan
2.6.05
xeleranceopenswan
2.6.06
xeleranceopenswan
2.6.07
xeleranceopenswan
2.6.08
xeleranceopenswan
2.6.09
xeleranceopenswan
2.6.10
xeleranceopenswan
2.6.11
xeleranceopenswan
2.6.12
xeleranceopenswan
2.6.13
xeleranceopenswan
2.6.14
xeleranceopenswan
2.6.15
xeleranceopenswan
2.6.16
xeleranceopenswan
2.6.17
xeleranceopenswan
2.6.18
xeleranceopenswan
2.6.19
xeleranceopenswan
2.6.20
xeleranceopenswan
2.6.21
xeleranceopenswan
2.6.22
xeleranceopenswan
2.6.23
xeleranceopenswan
2.6.24
xeleranceopenswan
2.6.25
xeleranceopenswan
2.6.26
xeleranceopenswan
2.6.27
xeleranceopenswan
2.6.28
xeleranceopenswan
2.6.29
xeleranceopenswan
2.6.30
xeleranceopenswan
2.6.31
xeleranceopenswan
2.6.32
xeleranceopenswan
2.6.33
xeleranceopenswan
2.6.34
xeleranceopenswan
2.6.35
xeleranceopenswan
2.6.36
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openswan
hardy
Fixed 1:2.4.9+dfsg-1ubuntu0.1
released
lucid
ignored
maverick
ignored
natty
Fixed 1:2.6.28+dfsg-5squeeze1build0.11.04.1
released
oneiric
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/46678
http://secunia.com/advisories/46681
http://secunia.com/advisories/47342
http://www.debian.org/security/2011/dsa-2374
http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
http://www.redhat.com/support/errata/RHSA-2011-1422.html
http://www.securityfocus.com/bid/50440
http://www.securitytracker.com/id?1026268
http://secunia.com/advisories/46678
http://secunia.com/advisories/46681
http://secunia.com/advisories/47342
http://www.debian.org/security/2011/dsa-2374
http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt
http://www.redhat.com/support/errata/RHSA-2011-1422.html
http://www.securityfocus.com/bid/50440
http://www.securitytracker.com/id?1026268