Mandrake Linux Security Advisory : super-freeswan (MDKSA-2004:070-1)
Critical Nessus Plugin ID 14820
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to create their own Certificate Authority and use it to impersonate the identity of a valid DN. In addition, another hole exists in the CA checking code that could create an endless loop in certain instances.
Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws.
Due to a build error, the super-freeswan packages did not include the pluto program. The updated packages fix this error.
Solution
Update the affected super-freeswan and/or super-freeswan-doc packages.