ID

VAR-201401-0260


CVE

CVE-2013-6467


TITLE

Libreswan Denial-of-Service (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-005933

DESCRIPTION

Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information: the vulnerability type has been identified as CWE-476: NULL Pointer Dereference. Openswan is a VPN implemented using IPsec technology. Versions prior to Libreswan 3.8 are vulnerable. Openswan is prone to a remote denial-of-service vulnerability due to a use-after-free error. An attacker may exploit this issue to crash the application, resulting in a denial-of-service condition. Note: This issue occurs only when Openswan is configured with 'nhelpers=0'. Openswan 2.3.0 to 2.6.36 are vulnerable.

Trust: 2.97

sources: NVD: CVE-2013-6467 // JVNDB: JVNDB-2013-005933 // CNVD: CNVD-2014-00690 // BID: 65155 // BID: 64987 // BID: 50440

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00690

AFFECTED PRODUCTS

vendor:libreswanmodel:libreswanscope:eqversion:3.6

Trust: 1.9

vendor:libreswanmodel:libreswanscope:eqversion:3.4

Trust: 1.9

vendor:libreswanmodel:libreswanscope:eqversion:3.3

Trust: 1.9

vendor:libreswanmodel:libreswanscope:lteversion:3.7

Trust: 1.8

vendor:libreswanmodel:libreswanscope:eqversion:3.2

Trust: 1.6

vendor:libreswanmodel:libreswanscope:eqversion:3.0

Trust: 1.6

vendor:libreswanmodel:libreswanscope:eqversion:3.5

Trust: 1.6

vendor:libreswanmodel:libreswanscope:eqversion:3.1

Trust: 1.6

vendor:libreswanmodel:libreswanscope:eqversion:3.7

Trust: 0.9

vendor:openswanmodel:openswanscope:eqversion:3.7

Trust: 0.6

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.6

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.6

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.6

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.6

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.6

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.6

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.6

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.6

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.22

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.21

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.20

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.16

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.36

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.35

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.33

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.29

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.28

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.27

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.26

Trust: 0.6

vendor:openswanmodel:openswanscope:eqversion:2.6.25

Trust: 0.6

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.6

vendor:avayamodel:aura application server sip corescope:eqversion:53002.0

Trust: 0.6

vendor:phoenixmodel:contact fl mguard smart2 vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard smart2 vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard smart2scope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard smart2scope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4004 tx/dtx vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4004 tx/dtx vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4004 tx/dtxscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4004 tx/dtxscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx-pscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx-pscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx vpn-mscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx vpn-mscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/txscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/txscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs2005 tx vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs2005 tx vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs2000 tx/tx vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs2000 tx/tx vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs vpn analogscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs vpn analogscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rsscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rsscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pcie4000 vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pcie4000 vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pci4000 vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pci4000 vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pci4000scope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pci4000scope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard gt/gt vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard gt/gt vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard gt/gtscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard gt/gtscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard delta tx/tx vpnscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard delta tx/tx vpnscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard delta tx/txscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard delta tx/txscope:eqversion:8.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard centerportscope:eqversion:8.5.1

Trust: 0.3

vendor:phoenixmodel:contact fl mguard centerportscope:eqversion:8.0

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.38

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.37

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.34

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.31

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.30

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.24

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.23

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.19

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.18

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.17

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.15

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.14

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.2

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.39

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.13

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.12

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.11

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.10

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.09

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.08

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.07

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.06

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.05

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.04

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.03

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.6.01

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura conferencingscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53003.0

Trust: 0.3

vendor:phoenixmodel:contact fl mguard smart2 vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard smart2scope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4004 tx/dtx vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4004 tx/dtxscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx-pscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx vpn-mscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/tx vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs4000 tx/txscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs2005 tx vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs2000 tx/tx vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rs vpn analogscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard rsscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pcie4000 vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pci4000 vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard pci4000scope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard gt/gt vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard gt/gtscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard delta tx/tx vpnscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard delta tx/txscope:neversion:8.5.2

Trust: 0.3

vendor:phoenixmodel:contact fl mguard centerportscope:neversion:8.5.2

Trust: 0.3

vendor:libreswanmodel:libreswanscope:neversion:3.8

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.4.15

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.4.14

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.4.13

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.4.4

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.4.2

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.4

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.3.1

Trust: 0.3

vendor:openswanmodel:openswanscope:eqversion:2.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:avayamodel:aura application server sip corescope:eqversion:53002.1

Trust: 0.3

vendor:openswanmodel:openswanscope:neversion:2.6.37

Trust: 0.3

sources: CNVD: CNVD-2014-00690 // BID: 65155 // BID: 64987 // BID: 50440 // JVNDB: JVNDB-2013-005933 // CNNVD: CNNVD-201401-548 // NVD: CVE-2013-6467

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6467
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6467
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00690
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-548
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-6467
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00690
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-00690 // JVNDB: JVNDB-2013-005933 // CNNVD: CNNVD-201401-548 // NVD: CVE-2013-6467

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2013-005933 // NVD: CVE-2013-6467

THREAT TYPE

network

Trust: 0.9

sources: BID: 65155 // BID: 64987 // BID: 50440

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 65155 // BID: 64987

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005933

PATCH

title: CVE-2013-6467 Libreswan dereferencing missing IKEv2 payloads causes restart
url: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt

Trust: 0.8

title: Patch for Openswan IKEv2 Load Remote Denial of Service Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/43206

Trust: 0.6

title: libreswan-3.8
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47727

Trust: 0.6

sources: CNVD: CNVD-2014-00690 // JVNDB: JVNDB-2013-005933 // CNNVD: CNNVD-201401-548

EXTERNAL IDS

db:NVDid:CVE-2013-6467

Trust: 3.9

db:BIDid:64987

Trust: 1.9

db:SECUNIAid:56420

Trust: 1.6

db:OSVDBid:102172

Trust: 1.6

db:BIDid:65155

Trust: 0.9

db:JVNDBid:JVNDB-2013-005933

Trust: 0.8

db:CNVDid:CNVD-2014-00690

Trust: 0.6

db:XFid:90522

Trust: 0.6

db:XFid:20136467

Trust: 0.6

db:CNNVDid:CNNVD-201401-548

Trust: 0.6

db:ICS CERTid:ICSA-17-250-02

Trust: 0.3

db:BIDid:50440

Trust: 0.3

sources: CNVD: CNVD-2014-00690 // BID: 65155 // BID: 64987 // BID: 50440 // JVNDB: JVNDB-2013-005933 // CNNVD: CNNVD-201401-548 // NVD: CVE-2013-6467

REFERENCES

url:https://libreswan.org/security/cve-2013-6467/cve-2013-6467.txt

Trust: 3.1

url:http://www.securityfocus.com/bid/64987

Trust: 1.6

url:http://secunia.com/advisories/56420

Trust: 1.6

url:http://osvdb.org/102172

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90522

Trust: 1.0

url:http://www.openswan.org/

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6467

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6467

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/90522

Trust: 0.6

url:https://downloads.avaya.com/css/p8/documents/100178570

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-250-02

Trust: 0.3

url:https://download.libreswan.org/changes

Trust: 0.3

url:http://support.avaya.com/css/p8/documents/100152275

Trust: 0.3

sources: CNVD: CNVD-2014-00690 // BID: 65155 // BID: 64987 // BID: 50440 // JVNDB: JVNDB-2013-005933 // CNNVD: CNNVD-201401-548 // NVD: CVE-2013-6467

CREDITS

Iustina Melinte

Trust: 0.6

sources: BID: 65155 // BID: 64987

SOURCES

db:CNVDid:CNVD-2014-00690
db:BIDid:65155
db:BIDid:64987
db:BIDid:50440
db:JVNDBid:JVNDB-2013-005933
db:CNNVDid:CNNVD-201401-548
db:NVDid:CVE-2013-6467

LAST UPDATE DATE

2024-11-23T20:10:59.450000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-00690date:2014-02-13T00:00:00
db:BIDid:65155date:2017-09-08T13:13:00
db:BIDid:64987date:2015-04-13T21:58:00
db:BIDid:50440date:2015-04-13T21:50:00
db:JVNDBid:JVNDB-2013-005933date:2014-01-28T00:00:00
db:CNNVDid:CNNVD-201401-548date:2014-01-28T00:00:00
db:NVDid:CVE-2013-6467date:2024-11-21T01:59:17.280

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-00690date:2014-01-29T00:00:00
db:BIDid:65155date:2014-01-27T00:00:00
db:BIDid:64987date:2014-01-15T00:00:00
db:BIDid:50440date:2011-10-31T00:00:00
db:JVNDBid:JVNDB-2013-005933date:2014-01-28T00:00:00
db:CNNVDid:CNNVD-201401-548date:2014-01-28T00:00:00
db:NVDid:CVE-2013-6467date:2014-01-26T20:55:05.377