Candidate: CVE-2013-2054
PublicDate: 2013-07-09 17:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2054
 http://download.strongswan.org/patches/11_pluto_atodn_patch/CVE-2013-2054.txt
Description:
 Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4,
 when Opportunistic Encryption is enabled and an RSA key is being used,
 allows remote attackers to cause a denial of service (pluto IKE daemon
 crash) and possibly execute arbitrary code via crafted DNS TXT records.
 NOTE: this might be the same vulnerability as CVE-2013-2053 and
 CVE-2013-2054.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 


Patches_strongswan:
upstream_strongswan: released (4.3.4-1)
lucid_strongswan: ignored (reached end-of-life)
precise_strongswan: not-affected (4.5.2-1.2)
quantal_strongswan: not-affected
raring_strongswan: not-affected
saucy_strongswan: not-affected
devel_strongswan: not-affected