Openswan < 2.6.36 IKE Packet NULL Pointer Dereference Remote DoS

Medium Nessus Plugin ID 81052


The remote host is affected by a remote denial of service vulnerability.


The remote host is running a version of Openswan prior to version 2.6.36. It is, therefore, affected by a remote denial of service vulnerability due to a NULL pointer dereference flaw. A remote attacker, using a specially crafted ISAKMP message with an invalid KEY_LENGTH attribute, can cause a denial of service.


Upgrade to Openswan 2.6.36 or later.

Plugin Details

Severity: Medium

ID: 81052

File Name: openswan_ike_49984.nasl

Version: $Revision: 1.2 $

Type: remote

Family: Misc.

Published: 2015/01/28

Modified: 2015/01/29

Dependencies: 62695

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:openswan:openswan

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/10/05

Vulnerability Publication Date: 2011/10/05

Reference Information

CVE: CVE-2011-3380

BID: 49984

OSVDB: 76100