Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xelerance Openswan 安全漏洞
Vulnerability Description
Xelerance OpenSwan是加拿大Xelerance公司的一个基于FreeS/WAN项目的用于Linux系统下的IPSEC实现,它主要用于保证数据传输中的安全性、完整性等问题。 Xelerance Openswan 2.6.50.1之前版本中的lib/liboswkeys/signatures.c文件的verify_signed_hash()存在安全漏洞。远程攻击者可利用该漏洞伪造签名。
CVSS Information
N/A
Vulnerability Type
N/A