Candidate: CVE-2009-0790
PublicDate: 2009-04-01 10:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0790
Description:
 The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and
 2.4 before 2.4.14, and Strongswan 4.2 before 4.2.14 and 2.8 before 2.8.9,
 allows remote attackers to cause a denial of service (daemon crash and
 restart) via a crafted (1) R_U_THERE or (2) R_U_THERE_ACK Dead Peer
 Detection (DPD) IPsec IKE Notification message that triggers a NULL pointer
 dereference related to inconsistent ISAKMP state and the lack of a phase2
 state association in DPD.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_strongswan:
upstream_strongswan: released (4.2.14-1)
dapper_strongswan: DNE
gutsy_strongswan: needed (reached end-of-life)
hardy_strongswan: ignored (reached end-of-life)
intrepid_strongswan: needed (reached end-of-life)
jaunty_strongswan: ignored (reached end-of-life)
karmic_strongswan: not-affected (4.3.2-1ubuntu3)
lucid_strongswan: not-affected
maverick_strongswan: not-affected
natty_strongswan: not-affected
oneiric_strongswan: not-affected
devel_strongswan: not-affected

Patches_openswan:
upstream_openswan: released (1:2.6.21+dfsg-1)
dapper_openswan: ignored (reached end-of-life)
gutsy_openswan: needed (reached end-of-life)
hardy_openswan: released (1:2.4.9+dfsg-1ubuntu0.1)
intrepid_openswan: needed (reached end-of-life)
jaunty_openswan: ignored (reached end-of-life)
karmic_openswan: not-affected (1:2.6.22+dfsg-1.1ubuntu1)
lucid_openswan: not-affected
maverick_openswan: not-affected
natty_openswan: not-affected
oneiric_openswan: not-affected
devel_openswan: not-affected