The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Hyperlink | Source | Resource |
|---|---|---|
| http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch | cve@mitre.org | Patch |
| http://www.debian.org/security/2012/dsa-2789 | cve@mitre.org | N/A |
| http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html | cve@mitre.org | Patch Vendor Advisory |
| http://download.strongswan.org/security/CVE-2013-6075/strongswan-4.3.3-5.1.0_id_dn_match.patch | af854a3a-2127-422b-91ae-364da2661108 | Patch |
| http://www.debian.org/security/2012/dsa-2789 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html | af854a3a-2127-422b-91ae-364da2661108 | Patch Vendor Advisory |