製品・ソフトウェアに関する情報

JVN脆弱性詳細

strongSwan におけるサービス運用妨害 (DoS) の脆弱性

タイトル	strongSwan におけるサービス運用妨害 (DoS) の脆弱性
概要	strongSwan には、サービス運用妨害 (デーモンクラッシュ) 状態となる脆弱性が存在します。
想定される影響	第三者により、Key Exchange ペイロード内の大量の NULL 値を伴う IKE_SA_INIT メッセージを介して、GNU Multiprecision Library (GMP) 内の mpz_export 関数のリターン値に対して NULL ポインタデリファレンスを誘発され、サービス運用妨害 (デーモンクラッシュ) 状態にされる可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2008年10月14日0:00
登録日	2012年12月20日18:52
最終更新日	2012年12月20日18:52

CVSS2.0 : 警告
スコア	5
ベクター	AV:N/AC:L/Au:N/C:N/I:N/A:P

影響を受けるシステム

strongSwan

strongSwan 4.2.6 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-4551	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4551
National Vulnerability Database (NVD)
2	CVE-2008-4551	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4551

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-399	https://jvndb.jvn.jp/ja/cwe/CWE-399.html

ベンダー情報

No	名前	URL
strongSwan
1	CHANGES4	http://download.strongswan.org/CHANGES4.txt

変更履歴

No	変更内容	変更日
0	[2012年12月20日] 掲載	2018年2月17日10:37

NVD脆弱性情報

CVE-2008-4551

概要	strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).
概要	strongSwan 4.2.6 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante un mensaje con un número grande de valores NULL en una carga útil Key Exchange, lo que dispara una referencia a un puntero NULL para el valor de retorno de la función mpz_export en la GNU Multiprecision Library (GMP) (Biblioteca de Multiprecisión GNU).
公表日	2008年10月15日5:00
登録日	2021年1月29日13:43
最終更新日	2026年4月23日9:35

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:strongswan:strongswan::::::::		4.2.6
cpe:2.3:a:strongswan:strongswan:2.0.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.0.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.0.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.4:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.5:::::::*
cpe:2.3:a:strongswan:strongswan:2.2.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.2.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.2.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.3.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.3.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.3.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.0a:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.4:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.5:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.6:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.7:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.4:::::::*
cpe:2.3:a:strongswan:strongswan:2.7.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.1:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.2:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.3:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.4:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.5:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.6:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.7:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.1:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.2:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.3:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.4:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.5:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.6:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.7:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.8:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.9:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.10:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.11:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.1:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.2:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.3:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.4:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.5:::::::*

構成1	以上	以下	より上	未満
cpe:2.3:a:strongswan:strongswan::::::::		4.2.6
cpe:2.3:a:strongswan:strongswan:2.0.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.0.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.0.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.4:::::::*
cpe:2.3:a:strongswan:strongswan:2.1.5:::::::*
cpe:2.3:a:strongswan:strongswan:2.2.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.2.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.2.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.3.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.3.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.3.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.0a:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.4.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.4:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.5:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.6:::::::*
cpe:2.3:a:strongswan:strongswan:2.5.7:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.0:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.1:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.2:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.3:::::::*
cpe:2.3:a:strongswan:strongswan:2.6.4:::::::*
cpe:2.3:a:strongswan:strongswan:2.7.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.1:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.2:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.3:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.4:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.5:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.6:::::::*
cpe:2.3:a:strongswan:strongswan:4.0.7:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.1:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.2:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.3:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.4:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.5:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.6:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.7:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.8:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.9:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.10:::::::*
cpe:2.3:a:strongswan:strongswan:4.1.11:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.0:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.1:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.2:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.3:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.4:::::::*
cpe:2.3:a:strongswan:strongswan:4.2.5:::::::*

No	URL	refsource
1	http://download.strongswan.org/CHANGES4.txt	cve@mitre.org
2	http://labs.mudynamics.com/advisories/MU-200809-01.txt	cve@mitre.org
3	http://secunia.com/advisories/31963	cve@mitre.org
4	http://www.securityfocus.com/bid/31291	cve@mitre.org
5	http://www.securitytracker.com/id?1020903	cve@mitre.org
6	http://www.vupen.com/english/advisories/2008/2660	cve@mitre.org
7	http://download.strongswan.org/CHANGES4.txt	af854a3a-2127-422b-91ae-364da2661108
8	http://labs.mudynamics.com/advisories/MU-200809-01.txt	af854a3a-2127-422b-91ae-364da2661108
9	http://secunia.com/advisories/31963	af854a3a-2127-422b-91ae-364da2661108
10	http://www.securityfocus.com/bid/31291	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securitytracker.com/id?1020903	af854a3a-2127-422b-91ae-364da2661108
12	http://www.vupen.com/english/advisories/2008/2660	af854a3a-2127-422b-91ae-364da2661108