Candidate: CVE-2011-4073
PublicDate: 2011-11-17 19:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4073
 http://openswan.org/security/CVE-2011-4073.php
Description:
 Use-after-free vulnerability in the cryptographic helper handler
 functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated
 users to cause a denial of service (pluto IKE daemon crash) via vectors
 related to the (1) quick_outI1_continue and (2) quick_outI1 functions.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by:
Assigned-to: 
CVSS: 

Patches_openswan:
 upstream: http://openswan.org/download/CVE-2011-4073/openswan-2.x.x-CVE-2011-4073.patch
 vendor: http://www.debian.org/security/2011/dsa-2374
upstream_openswan: released (2.6.37)
hardy_openswan: released (1:2.4.9+dfsg-1ubuntu0.1)
lucid_openswan: ignored (reached end-of-life)
maverick_openswan: ignored (reached end-of-life)
natty_openswan: released (1:2.6.28+dfsg-5squeeze1build0.11.04.1)
oneiric_openswan: ignored (reached end-of-life)
precise_openswan: not-affected (1:2.6.37-1)
quantal_openswan: not-affected (1:2.6.37-1)
raring_openswan: not-affected (1:2.6.37-1)
saucy_openswan: not-affected (1:2.6.37-1)
devel_openswan: not-affected (1:2.6.37-1)