Vulnerability CVE-2015-3991

Vulnerability Name:

CVE-2015-3991

Assigned:

2015-05-15

Published:

2017-09-07

Updated:

2018-08-13

Summary:

strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-19

References:

Source: MITRE
Type: CNA
CVE-2015-3991

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-5247

Source: FEDORA
Type: Third Party Advisory
FEDORA-2015-5279

Source: BID
Type: Third Party Advisory, VDB Entry
76861

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1222815

Source: CONFIRM
Type: UNKNOWN
https://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html

Vulnerable Configuration:

Configuration 1:

cpe:/a:strongswan:strongswan:5.2.2:*:*:*:*:*:*:*

OR cpe:/a:strongswan:strongswan:5.3.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20153991	V	CVE-2015-3991	2023-06-22
oval:org.opensuse.security:def:7810	P	strongswan-5.9.7-150500.3.4 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:686	P	Security update for ncurses (Moderate)	2022-08-09
oval:org.opensuse.security:def:568	P	Security update for python (Important)	2022-07-08
oval:org.opensuse.security:def:3204	P	liblouis-data-2.6.4-6.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3593	P	libfreetype6-2.6.3-7.15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:95223	P	strongswan-nm-5.8.2-150400.17.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94834	P	strongswan-5.8.2-150400.17.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:312	P	strongswan-5.8.2-11.8.4 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:273	P	postgresql-13-8.30 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1812	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:1241	P	Security update for the Linux Kernel (Critical)	2022-02-11
oval:org.opensuse.security:def:894	P	Security update for unbound (Important)	2022-01-25
oval:org.opensuse.security:def:113463	P	strongswan-5.3.5-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:67815	P	Security update for the Linux Kernel (Live Patch 22 for SLE 15) (Important)	2021-12-14
oval:org.opensuse.security:def:70328	P	Security update for glib-networking (Important)	2021-12-10
oval:org.opensuse.security:def:66972	P	Security update for tinyxml (Low)	2021-11-09
oval:org.opensuse.security:def:100663	P	(Moderate)	2021-10-06
oval:org.opensuse.security:def:106861	P	strongswan-5.3.5-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:89812	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96777	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71398	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:61657	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:71168	P	dbus-1-glib-0.108-1.29 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:103467	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:47709	P	libgcrypt20-1.6.1-16.61.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47418	P	libtcnative-1-0-1.1.34-12.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48317	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47855	P	perl-YAML-LibYAML-0.38-10.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47642	P	hardlink-1.0-6.38 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46930	P	dstat-0.7.2-1.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47951	P	apache2-mod_jk-1.2.40-7.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48004	P	expat-2.1.0-21.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47255	P	fontconfig-2.11.1-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47090	P	libusbmuxd4-1.0.10-2.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48150	P	libmpfr4-3.1.2-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47495	P	rsyslog-8.24.0-1.20 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47225	P	cpio-2.11-35.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48246	P	ntp-4.2.8p13-85.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47793	P	libtag1-1.9.1-1.218 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47550	P	apache-commons-beanutils-1.9.2-1.149 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47920	P	xdg-utils-20140630-6.3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47790	P	libssh2-1-1.4.3-19.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47123	P	perl-Config-IniFiles-2.82-3.12 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47089	P	libupsclient1-2.7.1-4.55 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48022	P	gnome-keyring-3.20.0-28.3.18 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48088	P	libXvMC1-1.0.8-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47347	P	libgme0-0.6.0-5.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47104	P	mailx-12.5-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48215	P	libvirglrenderer0-0.5.0-11.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:2369	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63458	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:107681	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2431	P	strongswan-nm-5.8.2-11.8.4 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63520	P	strongswan-nm-5.8.2-11.8.4 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:94302	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101015	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62330	P	strongswan-5.8.2-11.8.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101059	P	python3-Werkzeug-1.0.1-1.10 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101088	P	strongswan-5.8.2-11.8.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72071	P	strongswan-5.8.2-11.8.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:66880	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:73663	P	Security update for qemu (Moderate)	2021-06-30
oval:org.opensuse.security:def:69881	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:46795	P	mozilla-nspr-32bit-4.10.10-9.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48955	P	libwpd-0_10-10-0.10.2-2.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71103	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:61362	P	strongswan-5.6.0-2.43 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:71055	P	mailx-12.5-1.87 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48714	P	cyrus-sasl-digestmd5-32bit-2.1.26-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46794	P	mipv6d-2.0.2.umip.0.4-19.77 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46809	P	pam_ssh-2.0-1.40 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48660	P	zoo-2.10-1020.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:70223	P	Security update for nginx (Important)	2021-05-27
oval:org.opensuse.security:def:93950	P	(Important)	2021-05-11
oval:org.opensuse.security:def:64468	P	Security update for wpa_supplicant (Moderate)	2021-04-13
oval:org.opensuse.security:def:69986	P	Security update for salt (Critical)	2021-02-26
oval:org.opensuse.security:def:94346	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107329	P	strongswan-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116887	P	strongswan-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71724	P	strongswan-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107725	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117240	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49009	P	libfbembed2_5-2.5.2.26539-15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:61983	P	strongswan-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2554	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63643	P	strongswan-nm-5.8.2-9.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49335	P	strongswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66538	P	libtasn1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50253	P	strongswan-nm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49281	P	opensc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50199	P	libproxy1-config-gnome3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73203	P	libpng16-16 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:67715	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:66630	P	strongswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73321	P	strongswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64381	P	libsha1detectcoll-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:73545	P	python-azure-agent on GA media (Moderate)	2020-12-01
oval:com.ubuntu.trusty:def:20153991000	V	CVE-2015-3991 on Ubuntu 14.04 LTS (trusty) - medium.	2017-09-07
oval:com.ubuntu.precise:def:20153991000	V	CVE-2015-3991 on Ubuntu 12.04 LTS (precise) - medium.	2015-06-01

BACK