SUSE-SU-2022:14887-1

Published: 18 Feb 2022
Source: suse-cvrf

Description

Security update for strongswan

This update for strongswan fixes the following issues:

  • CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874)
  • CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874)
  • CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845)
  • CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471)

Package list

SUSE Linux Enterprise Point of Sale 11 SP3
strongswan-4.4.0-6.36.12.1
strongswan-doc-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS
strongswan-4.4.0-6.36.12.1
strongswan-doc-4.4.0-6.36.12.1

Description

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1

Description

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1

Description

The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1

Description

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication.


Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Point of Sale 11 SP3:strongswan-doc-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-4.4.0-6.36.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:strongswan-doc-4.4.0-6.36.12.1
