SB2022021825 - SUSE update for strongswan 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022021825

SB2022021825 - SUSE update for strongswan

Published: February 18, 2022

Security Bulletin ID SB2022021825
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 25% Medium 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Improper Authentication (CVE-ID: CVE-2018-16151)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in RSA implementation based on GMP (verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c) within the gmp plugin that does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.

Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.


2) Improper Authentication (CVE-ID: CVE-2018-16152)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the RSA implementation based on GMP within the verify_emsa_pkcs1_signature() function in gmp_rsa_public_key.c in the gmp plugin. The GMP plugin does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.

Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.


3) Buffer overflow (CVE-ID: CVE-2018-17540)

The vulnerability allows a remote attacker to perform denial of service attacks.

The vulnerability exists due to a boundary error when processing certificates within gmp plugin. A remote attacker can create a specially crafted certificate, pass it to the affected application and trigger application crash.


4) State Issues (CVE-ID: CVE-2021-45079)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to improper handling of EAP-Success messages. A remote attacker can send a specially crafted (early) EAP-Success message to the affected system and bypass authentication or perform a denial of service attack.


Remediation

Install update from vendor's website.

References