In association with heise online

03 June 2009, 10:40

Security Updates for strongSwan

The developers of strongSwan, the free IPsec implementation, have released new versions and patches to eliminate two denial of service vulnerabilities in Charon, the IKEv2 key exchange daemon. One vulnerability allows a malformed IKE_SA_INIT request to leave the Charon daemon in an incomplete state, which could lead to a crash if a CREATE_CHILD_SA request is received later. The other vulnerability can be triggered by a malformed IKE_AUTH request that is missing its traffic selector payload, which also causes the Charon daemon to crash.

In practice, these vulnerabilities could lead to deterioration in existing VPN connections and, if triggered repeatedly, cause communications to come to a halt. The problem affects strongSwan versions 4.1.0 to 4.3.0. Fixes are included in versions 4.2.15 and 4.3.1, which are available to download; patches have also been published.
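The IKE_AUTH flaw described above comes down to processing a request without first confirming that a required payload arrived. As an added illustration (not strongSwan's code and not part of the original article), this C example walks a decrypted IKEv2 payload chain using the generic payload header from RFC 7296 and reports whether both traffic selector payloads are present. The function names and sample bytes are constructed for the example, and it assumes encryption padding has already been stripped.

```c
#include <stddef.h>
#include <stdint.h>

/* Payload type numbers from RFC 7296, section 3.2. */
enum { PL_NONE = 0, PL_TSI = 44, PL_TSR = 45 };
#define HAS_TSI 0x1
#define HAS_TSR 0x2

/* Constructed samples with dummy 4-byte bodies. The first payload type
 * (35, IDi) would come from the enclosing header's Next Payload field. */
const uint8_t sample_ok[]    = {44,0,0,8, 0,0,0,0,  45,0,0,8, 0,0,0,0,
                                0,0,0,8, 0,0,0,0};   /* IDi, TSi, TSr */
const uint8_t sample_no_ts[] = {39,0,0,8, 0,0,0,0,
                                0,0,0,8, 0,0,0,0};   /* IDi, AUTH only */

/* Walk a payload chain. Each payload starts with a 4-byte generic header:
 * next payload type, critical/reserved byte, and a 16-bit big-endian length
 * that includes the header. Returns a HAS_* bitmask, or -1 if malformed. */
int scan_payloads(const uint8_t *buf, size_t len, uint8_t first_type)
{
    size_t off = 0;
    uint8_t type = first_type;
    int seen = 0;

    while (type != PL_NONE) {
        if (len - off < 4)
            return -1;                  /* truncated header */
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off)
            return -1;                  /* length exceeds remaining data */
        if (type == PL_TSI) seen |= HAS_TSI;
        if (type == PL_TSR) seen |= HAS_TSR;
        type = buf[off];                /* type of the following payload */
        off += plen;
    }
    return off == len ? seen : -1;      /* reject unexplained trailing bytes */
}

/* 1 only if the chain is well formed and carries both TSi and TSr. A caller
 * should reject the request otherwise, before any CHILD_SA setup uses them. */
int has_traffic_selectors(const uint8_t *buf, size_t len, uint8_t first_type)
{
    int seen = scan_payloads(buf, len, first_type);
    return seen >= 0 && (seen & (HAS_TSI | HAS_TSR)) == (HAS_TSI | HAS_TSR);
}

int main(void)
{
    return has_traffic_selectors(sample_ok, sizeof sample_ok, 35) &&
           !has_traffic_selectors(sample_no_ts, sizeof sample_no_ts, 35) ? 0 : 1;
}
```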
