The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:14887-1 advisory.

  - In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x     before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm     OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan     regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents     are being used, which could lead to impersonation when only an RSA signature is used for IKEv2     authentication. (CVE-2018-16151)

  - In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x     before 5.7.0, the RSA implementation based on GMP does not reject excess data in the     digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote     attacker can forge signatures when small public exponents are being used, which could lead to     impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of     CVE-2006-4790 and CVE-2014-1568. (CVE-2018-16152)

  - The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate.
    (CVE-2018-17540)

  - In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without     actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only     authentication for IKEv2) even without server authentication. (CVE-2021-45079)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the strongimcv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The gmp plugin in strongSwan before 5.7.1 has a Buffer     Overflow via a crafted certificate.(CVE-2018-17540)

  - In verify_emsa_pkcs1_signature() in     gmp_rsa_public_key.c in the gmp plugin in strongSwan     4.x and 5.x before 5.7.0, the RSA implementation based     on GMP does not reject excess data in the     digestAlgorithm.parameters field during PKCS#1 v1.5     signature verification. Consequently, a remote attacker     can forge signatures when small public exponents are     being used, which could lead to impersonation when only     an RSA signature is used for IKEv2 authentication. This     is a variant of CVE-2006-4790 and     CVE-2014-1568.(CVE-2018-16152)

  - In verify_emsa_pkcs1_signature() in     gmp_rsa_public_key.c in the gmp plugin in strongSwan     4.x and 5.x before 5.7.0, the RSA implementation based     on GMP does not reject excess data after the encoded     algorithm OID during PKCS#1 v1.5 signature     verification. Similar to the flaw in the same version     of strongSwan regarding digestAlgorithm.parameters, a     remote attacker can forge signatures when small public     exponents are being used, which could lead to     impersonation when only an RSA signature is used for     IKEv2 authentication.(CVE-2018-16151)

  - strongSwan 5.6.0 and older allows Remote Denial of     Service because of Missing Initialization of a     Variable.(CVE-2018-10811)

  - The gmp plugin in strongSwan before 5.5.3 does not     properly validate RSA public keys before calling     mpz_powm_sec, which allows remote peers to cause a     denial of service (floating point exception and process     crash) via a crafted certificate.(CVE-2017-9022)

  - The gmp plugin in strongSwan before 5.6.0 allows remote     attackers to cause a denial of service (NULL pointer     dereference and daemon crash) via a crafted RSA     signature.(CVE-2017-11185)

  - The server implementation of the EAP-MSCHAPv2 protocol     in the eap-mschapv2 plugin in strongSwan 4.2.12 through     5.x before 5.3.4 does not properly validate local     state, which allows remote attackers to bypass     authentication via an empty Success message in response     to an initial Challenge message.(CVE-2015-8023)

  - strongSwan 4.3.0 through 5.x before 5.3.2 and     strongSwan VPN Client before 1.4.6, when using EAP or     pre-shared keys for authenticating an IKEv2 connection,     does not enforce server authentication restrictions     until the entire authentication process is complete,     which allows remote servers to obtain credentials by     using a valid certificate and then reading the     responses.(CVE-2015-4171)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for strongswan provides the following fixes :

Security issues fixed :

CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462).

CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536).

CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874).

CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).

Other issues addressed: Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853).

Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit.

Handle unexpected informational message from SonicWall. (bsc#1009254)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for strongswan fixes the following issues :

Security issues fixed :

  - CVE-2018-5388: Fixed a buffer underflow which may allow     to a remote attacker with local user credentials to     resource exhaustion and denial of service while reading     from the socket (bsc#1094462).

  - CVE-2018-10811: Fixed a denial of service during the     IKEv2 key derivation if the openssl plugin is used in     FIPS mode and HMAC-MD5 is negotiated as PRF     (bsc#1093536).

  - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in     the gmp plugin which might lead to authorization bypass     (bsc#1107874).

  - CVE-2018-17540: Fixed an improper input validation in     gmp plugin (bsc#1109845). 

This update was imported from the SUSE:SLE-15:Update update project.

This update for strongswan fixes the following issues :

Security issues fixed :

CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462).

CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536).

CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874).

CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201811-16 (strongSwan: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in strongSwan. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could cause a Denial of Service condition or       impersonate a user.
  Workaround :

    There is no known workaround at this time.

Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16152 (DSA-4305-1).

An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resulting in a crash of the daemon. While arbitrary code execution is not completely ruled out because of the heap buffer overflow, due to the form of the data written to the buffer it seems difficult to actually exploit it in such a way.

It was discovered that there was a denial of service vulnerability in strongswan, a virtual private network (VPN) client and server.

Verification of an RSA signature with a very short public key caused an integer underflow in a length check that resulted in a heap buffer overflow.

For Debian 8 'Jessie', this issue has been fixed in strongswan version 5.2.1-6+deb8u8.

We recommend that you upgrade your strongswan packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3774-1 advisory.

    It was discovered that strongSwan incorrectly handled signature validation in the gmp plugin. A remote     attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly     execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
158172	SUSE SLES11 Security Update : strongswan (SUSE-SU-2022:14887-1)	Nessus	SuSE Local Security Checks	critical
146695	EulerOS 2.0 SP2 : strongimcv (EulerOS-SA-2021-1364)	Nessus	Huawei Local Security Checks	high
135007	openSUSE Security Update : strongswan (openSUSE-2020-403)	Nessus	SuSE Local Security Checks	high
134852	SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2020:0743-1)	Nessus	SuSE Local Security Checks	high
132009	SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)	Nessus	SuSE Local Security Checks	high
131541	openSUSE Security Update : strongswan (openSUSE-2019-2598)	Nessus	SuSE Local Security Checks	high
131537	openSUSE Security Update : strongswan (openSUSE-2019-2594)	Nessus	SuSE Local Security Checks	high
131306	SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2019:3056-1)	Nessus	SuSE Local Security Checks	high
119161	GLSA-201811-16 : strongSwan: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
117890	Debian DSA-4309-1 : strongswan - security update	Nessus	Debian Local Security Checks	high
117889	Debian DLA-1528-1 : strongswan security update	Nessus	Debian Local Security Checks	high
117868	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : strongSwan vulnerability (USN-3774-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2018-17540

high

Tenable Plugins

critical

high

high

high

high

high

high

high

high

high

high

high