CVE-2013-2944
CVE-2013-2944
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patchhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00014.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00010.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00121.htmlhttp://www.debian.org/security/2013/dsa-2665http://www.securityfocus.com/bid/59580http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-%28cve-2013-2944%29.html