Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Openswan, memory leaks

October 2008 by Vigil@nce

An attacker can use several memory leaks in order to create a denial of service in Openswan.

- Gravity: 2/4
- Consequences: denial of service of service
- Provenance: internet client
- Means of attack: no proof of concept, no attack
- Ability of attacker: expert (4/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: high (3/3)
- Creation date: 07/10/2008

IMPACTED PRODUCTS

- Openswan

DESCRIPTION

The Openswan product implements IPsec for Linux.

Several memory leaks were announced:
- when there is no available file descriptors
- during Pluto (key management) usage
- in several unspecified locations

An attacker can therefore use several memory leaks in order to progressively create a denial of service in Openswan.

CHARACTERISTICS

- Identifiers: VIGILANCE-VUL-8150
- Url: http://vigilance.aql.fr/vulnerability/8150




See previous articles

    

See next articles