CVE-2019-10155

Опубликовано: 10 июн. 2019

Источник: redhat

CVSS3: 3.1

Описание

The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29.

A vulnerability was found in the Libreswan Project. It was discovered that libreswan, strongswan, and openswan did not verify the integrity check value for received IKEv1 Informational Exchange packets.

Меры по смягчению последствий

If all IKE peers support IKEv2, it is possible to reconfigure IKEv1 connections to use IKEv2 via the "ikev2=insist" keyword.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	openswan	Out of support scope
Red Hat Enterprise Linux 6	libreswan	Out of support scope
Red Hat Enterprise Linux 6	openswan	Out of support scope
Red Hat Enterprise Linux 7	libreswan	Out of support scope
Red Hat Enterprise Linux 8	libreswan	Fixed	RHSA-2019:3391	05.11.2019

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-354

https://bugzilla.redhat.com/show_bug.cgi?id=1714141libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check

3.1 Low

CVSS3