SB2024062625 - Gentoo update for strongSwan

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024062625

SB2024062625 - Gentoo update for strongSwan

Published: June 26, 2024

Security Bulletin ID SB2024062625
Severity
High
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 75% Medium 25%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Integer overflow (CVE-ID: CVE-2021-41991)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing multiple requests with different certificates. A remote attacker can send specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) State Issues (CVE-ID: CVE-2021-45079)

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to improper handling of EAP-Success messages. A remote attacker can send a specially crafted (early) EAP-Success message to the affected system and bypass authentication or perform a denial of service attack.


3) Improper Certificate Validation (CVE-ID: CVE-2022-40617)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error within the revocation plugin, which uses potentially untrusted OCSP URIs and CRL distribution points (CDP) in certificates. A remote attacker can initiate the IKE_SAs and send crafted certificates that contain URIs pointing to servers under their control. As a result, a remote attacker can perform a denial of service (DoS) attack.


4) Expired pointer dereference (CVE-ID: CVE-2023-26463)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in libtls implementation that treats the public key from the peer's certificate as trusted, even if the certificate can't be verified successfully. A remote attacker can supply a self-signed certificate to a server that authenticates clients with a TLS-based EAP method like EAP-TLS, trigger an expired pointer dereference and crash the server or execute arbitrary code.


Remediation

Install update from vendor's website.

References