Vulnerability CVE-2011-4073

Vulnerability Name:

CVE-2011-4073 (CCN-71045)

Assigned:

2011-10-28

Published:

2011-10-28

Updated:

2019-07-29

Summary:

Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
3.0 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399
CWE-416

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2011-4073

Source: CCN
Type: RHSA-2011-1422
Moderate: openswan security update

Source: SECUNIA
Type: Vendor Advisory
46678

Source: CCN
Type: SA46681
Openswan Cryptographic Helper Use-After-Free Denial of Service Vulnerability

Source: SECUNIA
Type: Vendor Advisory
46681

Source: SECUNIA
Type: Vendor Advisory
47342

Source: DEBIAN
Type: UNKNOWN
DSA-2374

Source: DEBIAN
Type: DSA-2374
openswan -- implementation error

Source: CCN
Type: Openswan Web site
CVE-2011-4073 Openswan crypto helper crasher

Source: CONFIRM
Type: UNKNOWN
http://www.openswan.org/download/CVE-2011-4073/CVE-2011-4073.txt

Source: CCN
Type: OSVDB ID: 76725
Openswan Uuse-after-free Crypto Helper Handler ISAKMP Phase 1 Authentication Parsing Remote DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2011:1422

Source: BID
Type: UNKNOWN
50440

Source: CCN
Type: BID-50440
Openswan Crpyotgraphic Helper Use After Free Remote Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1026268

Source: XF
Type: UNKNOWN
openswan-cryptographic-helper-dos(71045)

Vulnerable Configuration:

Configuration 1:

cpe:/a:xelerance:openswan:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.4:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.5:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.6:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.7:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.8:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.9:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.10:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.11:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.12:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.4.13:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.0:sbs4:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.0:sbs5:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.01:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.02:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.03:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.04:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.05:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.06:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.07:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.08:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.09:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.10:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.11:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.12:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.13:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.14:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.15:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.16:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.17:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.5.18:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.01:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.02:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.03:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.04:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.05:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.06:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.07:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.08:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.09:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.10:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.11:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.12:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.13:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.14:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.15:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.16:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.17:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.18:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.19:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.20:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.21:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.22:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.23:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.24:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.25:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.26:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.27:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.28:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.29:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.30:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.31:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.32:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.33:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.34:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.35:*:*:*:*:*:*:*

OR cpe:/a:xelerance:openswan:2.6.36:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20114073	V	CVE-2011-4073	2022-05-20
oval:org.opensuse.security:def:42201	P	Security update for libmspack (Low)	2022-01-13
oval:org.opensuse.security:def:31715	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:29456	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:33050	P	Security update for the Linux Kernel (Important)	2021-11-30
oval:org.opensuse.security:def:30131	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:31273	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:26120	P	Security update for xerces-c (Important)	2021-09-03
oval:org.opensuse.security:def:32993	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31262	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31261	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:29412	P	Security update for openssl (Important)	2021-08-24
oval:org.opensuse.security:def:26076	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:30094	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:31628	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:26062	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:29356	P	Security update for samba (Important)	2021-04-29
oval:org.opensuse.security:def:32081	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:32898	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:28960	P	Security update for sudo (Important)	2021-03-24
oval:org.opensuse.security:def:31347	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:29395	P	Security update for openssh (Moderate)	2021-01-05
oval:org.opensuse.security:def:28874	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:29307	P	Security update for spice-gtk (Important)	2020-12-16
oval:org.opensuse.security:def:32015	P	Security update for openssl (Important)	2020-12-11
oval:org.opensuse.security:def:35794	P	openswan-2.6.16-1.36.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32763	P	pam_ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33438	P	Security update for dnsmasq	2020-12-01
oval:org.opensuse.security:def:25356	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26023	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:28662	P	Security update for finch	2020-12-01
oval:org.opensuse.security:def:29253	P	Security update for tcpdump (Important)	2020-12-01
oval:org.opensuse.security:def:32719	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33461	P	Security update for IBM Java 1.6.0	2020-12-01
oval:org.opensuse.security:def:25420	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28663	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:32758	P	openswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33505	P	Security update for open-iscsi	2020-12-01
oval:org.opensuse.security:def:25548	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:28674	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31871	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:34143	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:25629	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28743	P	Security update for libgcrypt	2020-12-01
oval:org.opensuse.security:def:31927	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:33137	P	libadns1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:34183	P	Security update for openswan	2020-12-01
oval:org.opensuse.security:def:25686	P	Security update for wicked (Important)	2020-12-01
oval:org.opensuse.security:def:26758	P	libopenssl0_9_8 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31976	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:32672	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33293	P	xorg-x11-Xvnc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25770	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26793	P	openswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32673	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33350	P	Security update for openssh-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25344	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25921	P	Recommended update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:29017	P	Security update for various KMPs (Moderate)	2020-12-01
oval:org.opensuse.security:def:31479	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:32037	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32684	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33399	P	Security update for python-pycrypto (Important)	2020-12-01
oval:org.opensuse.security:def:25345	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25974	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:29101	P	Recommended update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:31571	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.mitre.oval:def:15120	P	DSA-2374-1 openswan -- implementation error	2014-06-23
oval:org.mitre.oval:def:23495	P	ELSA-2011:1422: openswan security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21544	P	RHSA-2011:1422: openswan security update (Moderate)	2014-02-24
oval:com.ubuntu.precise:def:20114073000	V	CVE-2011-4073 on Ubuntu 12.04 LTS (precise) - low.	2011-11-17
oval:com.redhat.rhsa:def:20111422	P	RHSA-2011:1422: openswan security update (Moderate)	2011-11-02

BACK