MDKSA-2004:070-1
- Package name: super-freeswan
- Date: 2004-09-20
- Advisory ID: MDKSA-2004:070-1
- Affected versions: 10.0 amd64, 10.0 i586
Problem description
Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority and use it to impersonate the identity of a valid DN. In addition, another hole in the CA checking code could create an endless loop in certain instances. Mandrakesoft encourages all users of FreeS/WAN or super-freeswan to upgrade to the updated packages, which are patched to correct these flaws.

Update: Due to a build error, the super-freeswan packages did not include the pluto program. The updated packages fix this error.
Updated packages
10.0 amd64
0125ca974282b60d0cbfe5661523a44c amd64/10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.amd64.rpm
398996877b35d0b04130d35d939b9372 amd64/10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.amd64.rpm
4cc876821005905818c2f2aa590601c2 amd64/10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm
10.0 i586
fa37ec26d95abe88531f412b19fd4312 10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.i586.rpm
2a82a0cb9c3f47d658f40a36aad8cd04 10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.i586.rpm
4cc876821005905818c2f2aa590601c2 10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm
