{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Openswan versions 2.x ant\u00e9rieures \u00e0 la version 2.1.4 ;","product":{"name":"N/A","vendor":{"name":"StrongSwan","scada":false}}},{"description":"FreeS/Wan versions 1.x avec la mise \u00e0 jour X.509 ant\u00e9rieures \u00e0 la version 0.9.41 ;","product":{"name":"N/A","vendor":{"name":"StrongSwan","scada":false}}},{"description":"Super FreeS/Wan 1.x, toutes les versions avec la mise \u00e0 jour X.509 ;","product":{"name":"N/A","vendor":{"name":"StrongSwan","scada":false}}},{"description":"Openswan versions 1.x ant\u00e9rieures \u00e0 la version 1.0.6 ;","product":{"name":"N/A","vendor":{"name":"StrongSwan","scada":false}}},{"description":"StrongSwan versions 2.x ant\u00e9rieures \u00e0 la version 2.1.3 ;","product":{"name":"N/A","vendor":{"name":"StrongSwan","scada":false}}},{"description":"FreeS/Wan versions 2.x avec la mise \u00e0 jour X.509 ant\u00e9rieures \u00e0 la version 1.6.1 ;","product":{"name":"N/A","vendor":{"name":"StrongSwan","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans une fonction de v\u00e9rification des\ncertificats X.509 (verify_x509cert()) permet \u00e0 un utilisateur mal\nintentionn\u00e9, via l'envoi d'un certificat malicieusement construit, de\nr\u00e9aliser un d\u00e9ni de service ou de contourner la politique de s\u00e9curit\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo du 25 juin 2004 :","url":"http://security.gentoo.org/glsa/glsa-200406-20.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandrake du 14 juillet 2004 :","url":"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:070"}],"reference":"CERTA-2004-AVI-245","revisions":[{"description":"version initiale.","revision_date":"2004-07-15T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9 dans FreeS/Wan, Openswan, StrongSwan et Super FreeS/Wan","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Openswan","url":"http://www.openswan.org/support/vuln/can-2004-0590/"}]}