MDKSA-2004:070

Package name

freeswan

Date

2004-07-14

Advisory ID

MDKSA-2004:070

Affected versions

9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , CS2.1 i586 , 10.0 i586 , 9.2 i586 , 9.1 i586 , MNF8.2 i586

Problem description

Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority that can allow them to impersonate the identity of a valid DN. As well, another hole exists in the CA checking code that could create an endless loop in certain instances. Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws.

Updated packages

9.2 amd64

 45a782c82322e0f7c4377118475d5036  amd64/9.2/RPMS/freeswan-2.01-2.1.92mdk.amd64.rpm
5a5c99eedc7a9df65b8d4e3d02501cfe  amd64/9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm

CS2.1 x86_64

 3dfdb78ce29582b6734f61c2c0973936  x86_64/corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.x86_64.rpm
9b95691493ac84ad3ddce6f10f24ea0f  x86_64/corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm

10.0 amd64

 3ae552614dc10d672956e82cc062ef40  amd64/10.0/RPMS/freeswan-2.04-3.1.100mdk.amd64.rpm
46d4b962019ca063a938057a817a015b  amd64/10.0/RPMS/super-freeswan-1.99.8-8.1.100mdk.amd64.rpm
143b47584e409e517f2462a2311b37d8  amd64/10.0/RPMS/super-freeswan-doc-1.99.8-8.1.100mdk.amd64.rpm
6428713ada795017334807aae1b8b9e1  amd64/10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
0a8ea26452bf9275aca1f1b95c9997cc  amd64/10.0/SRPMS/super-freeswan-1.99.8-8.1.100mdk.src.rpm

CS2.1 i586

 5b7577b574dcbb4244f08546aa45f372  corporate/2.1/RPMS/freeswan-1.98b-3.1.C21mdk.i586.rpm
9b95691493ac84ad3ddce6f10f24ea0f  corporate/2.1/SRPMS/freeswan-1.98b-3.1.C21mdk.src.rpm

10.0 i586

 6c597ac14ac13e281d2f685e01cfb120  10.0/RPMS/freeswan-2.04-3.1.100mdk.i586.rpm
72975d40cd986612150eca445d123c69  10.0/RPMS/super-freeswan-1.99.8-8.1.100mdk.i586.rpm
d26a97f445182fd6d37da1f0cb8b3a4a  10.0/RPMS/super-freeswan-doc-1.99.8-8.1.100mdk.i586.rpm
6428713ada795017334807aae1b8b9e1  10.0/SRPMS/freeswan-2.04-3.1.100mdk.src.rpm
0a8ea26452bf9275aca1f1b95c9997cc  10.0/SRPMS/super-freeswan-1.99.8-8.1.100mdk.src.rpm

9.2 i586

 193ed47d74da8b50811e2103fffef056  9.2/RPMS/freeswan-2.01-2.1.92mdk.i586.rpm
5a5c99eedc7a9df65b8d4e3d02501cfe  9.2/SRPMS/freeswan-2.01-2.1.92mdk.src.rpm

9.1 i586

 1093013e9c096abc37376c121c61c129  9.1/RPMS/freeswan-1.99-3.1.91mdk.i586.rpm
c186b6edc304f4c8543ff7acb93fbca4  9.1/SRPMS/freeswan-1.99-3.1.91mdk.src.rpm

MNF8.2 i586

 023520bddf59be203bda9eba76d29033  mnf8.2/RPMS/freeswan-1.98b-2.2.M82mdk.i586.rpm
d0d04c3d0a1842ab7cbfc8eae726113a  mnf8.2/SRPMS/freeswan-1.98b-2.2.M82mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0590
• http://lists.openswan.org/pipermail/dev/2004-June/000369.html
• http://www.openswan.org/support/vuln/can-2004-0590/