SB2017053128 - Improper input validation in strongswan (Alpine package)
Published: May 31, 2017
Security Bulletin ID: SB2017053128
Severity: Medium
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2017-9022)
RSA public keys passed to the gmp plugin in strongSwan aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=b2909ae5d93989f6f7aa2506a963bb8061269792
- https://git.alpinelinux.org/aports/commit/?id=f48354faeaa48613ec150ba912a378e92d8fd969
- https://git.alpinelinux.org/aports/commit/?id=ed2876361e4be4201d60d14712478e77f83a87e6
- https://git.alpinelinux.org/aports/commit/?id=c230c56fced0fa200359730435bbce4792cd3e11
- https://git.alpinelinux.org/aports/commit/?id=7fc2f4d05809912063bfe8a962dc13d5ddedede5
- https://git.alpinelinux.org/aports/commit/?id=ac75b4cf5fdcc373908bd64393d0be391b2edb34
- https://git.alpinelinux.org/aports/commit/?id=73c141f3470739c757e59dc00b5a6c58861f9365
- https://git.alpinelinux.org/aports/commit/?id=9a6a7cfb656f54db0871293e52cee189cab41be3
- https://git.alpinelinux.org/aports/commit/?id=b9f9484b5a7eb04f6f3f67df3e650e9b4433e99b
- https://git.alpinelinux.org/aports/commit/?id=82ccbbfff5cbbf01b74519ddd9bc16c487b449e6
- https://git.alpinelinux.org/aports/commit/?id=f647e2d3d31f6c5e3c4f4f41bfbee7eea8d02271