The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
https://lists.strongswan.org/pipermail/users/2010-August/005167.html
https://bugzilla.novell.com/615915
http://www.vupen.com/english/advisories/2010/2086
http://www.vupen.com/english/advisories/2010/2085
http://www.securitytracker.com/id?1024338
http://www.securityfocus.com/bid/42444
http://trac.strongswan.org/projects/strongswan/wiki/441
http://secunia.com/advisories/40956
http://lists.opensuse.org/opensuse-updates/2010-08/msg00026.html
http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.4.0_snprintf.patch
http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.6_snprintf.patch
http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.5_snprintf.patch
http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.4_snprintf.patch
http://download.strongswan.org/patches/08_snprintf_patch/strongswan-4.3.3_snprintf.patch
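
The bug class named in the description, as an added example (not strongSwan's code and not taken from the linked patches): `snprintf` returns the length the full output would have had, so a return value used unchecked as a write offset can point past the end of the buffer. The helper names, the 16-byte buffer and the identity string are constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern: snprintf's return value becomes the next offset.
 * snprintf returns the length the full output WOULD have had, so the
 * offset can end up larger than the buffer (a negative return is ignored too). */
static size_t unchecked_offset(char *buf, size_t size, const char *id)
{
    size_t pos = 0;
    pos += (size_t)snprintf(buf + pos, size - pos, "ID=%s, ", id);
    return pos; /* a further write at buf + pos, size - pos would be out of bounds */
}

/* Checked pattern: append at *pos, rejecting errors and truncation.
 * Returns 0 on success; on failure returns -1 and leaves *pos and the
 * previously written text intact. */
static int safe_append(char *buf, size_t size, size_t *pos, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*pos >= size)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *pos, size - *pos, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size - *pos) {
        buf[*pos] = '\0'; /* drop the partial write */
        return -1;
    }
    *pos += (size_t)n;
    return 0;
}

int main(void)
{
    const char *id = "CN=constructed-long-identity"; /* constructed input */
    char buf[16];
    size_t pos = unchecked_offset(buf, sizeof(buf), id);

    printf("identity length %zu, unchecked offset %zu, buffer %zu\n",
           strlen(id), pos, sizeof(buf));
    printf("size argument a second call would get: %zu\n", sizeof(buf) - pos);
    pos = 0;
    printf("safe_append -> %d\n", safe_append(buf, sizeof(buf), &pos, "ID=%s, ", id));
    return 0;
}
```

The unchecked function performs only the first, in-bounds call; the second value printed by `main` shows how `size - pos` wraps to a huge unsigned number once the offset has passed the buffer size.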