Openswan is an implementation of IPsec for Linux. It supports kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different platforms, including x86, x86_64, ia64, MIPS and ARM.
March 30 2009: Security release for CVE-2009-0790 (local copy)

These patches fix a Denial of Service vulnerability present in all versions of Openswan (and Superfreeswan and Strongswan), triggered when an unencrypted Dead Peer Detection (RFC 3706) packet with bogus (or deleted) state is received.
When such a packet is received, the pluto daemon crashes and restarts.

These patches are included in openswan-2.6.21 (SIG) and above and openswan-2.4.14 (SIG). If you cannot upgrade, please apply one of the following patches:
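To triage a fleet against the fixed releases named above, the following added example (not part of the Openswan project's code) classifies installed version strings. The host names and version strings are constructed, and treating 2.4.x releases after 2.4.14 as fixed is an assumption.

```python
import re

# Fixed releases named in the advisory text above.
FIXED_26 = (2, 6, 21)  # "openswan-2.6.21 and above"
FIXED_24 = (2, 4, 14)  # "openswan-2.4.14"

# x.y.z, plus any letters glued to it (e.g. "rc1"), which mark a pre-release.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([A-Za-z]\w*)?")


def cve_2009_0790_status(version_text):
    """Classify one version string as 'fixed', 'needs-patch' or 'unknown'."""
    m = _VERSION_RE.search(version_text)
    if m is None or m.group(4):
        # No version found, or a pre-release tag: cannot tell, check by hand.
        return "unknown"
    version = tuple(int(part) for part in m.group(1, 2, 3))
    # Compare as integers: a string compare would rank "2.6.9" above "2.6.21".
    if version >= FIXED_26:
        return "fixed"
    # Assumption: 2.4.x releases after 2.4.14 keep the fix.
    if version[:2] == (2, 4) and version >= FIXED_24:
        return "fixed"
    # Every other release is affected; this cannot see a hand-applied patch.
    return "needs-patch"


def triage(inventory):
    """Map each host in {host: version string} to its status."""
    return {host: cve_2009_0790_status(v) for host, v in inventory.items()}


# Constructed inventory for illustration only.
INVENTORY = {
    "vpn-gw-1": "openswan-2.6.21",
    "vpn-gw-2": "openswan-2.6.9",
    "vpn-gw-3": "openswan-2.4.13",
    "vpn-gw-4": "openswan-2.4.14",
    "vpn-gw-5": "openswan-2.6.21rc1",
}

if __name__ == "__main__":
    for host, status in sorted(triage(INVENTORY).items()):
        print(f"{host}: {INVENTORY[host]} -> {status}")
```

A "needs-patch" result means the release predates the fix; a host built from source with one of the patches applied still has to be confirmed separately.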

Building and Integrating Virtual Private Networks with Openswan is now available. Order your copy now at Amazon.com or directly from our publisher Packt Publishing.

Sponsored by:
Xelerance
© 2003-2008 Xelerance Corporation