The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5111-1 advisory.

    It was discovered that strongSwan incorrectly handled certain RSASSA-PSS signatures. A remote attacker     could use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2021-41990)

    It was discovered that strongSwan incorrectly handled replacing certificates in the cache. A remote     attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly     execute arbitrary code. (CVE-2021-41991)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 58528a94-5100-4208-a04d-edc01598cf01 advisory.

  - The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an     RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent     by an initiator. Remote code execution cannot occur. (CVE-2021-41990)

  - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving     many requests with different certificates to fill the cache and later trigger the replacement of cache     entries. The code attempts to select a less-often-used cache entry by means of a random number generator,     but this is not done correctly. Remote code execution might be a slight possibility. (CVE-2021-41991)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3467-1 advisory.

  - The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an     RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent     by an initiator. Remote code execution cannot occur. (CVE-2021-41990)

  - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving     many requests with different certificates to fill the cache and later trigger the replacement of cache     entries. The code attempts to select a less-often-used cache entry by means of a random number generator,     but this is not done correctly. Remote code execution might be a slight possibility. (CVE-2021-41991)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3467-1 advisory.

  - The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an     RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent     by an initiator. Remote code execution cannot occur. (CVE-2021-41990)

  - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving     many requests with different certificates to fill the cache and later trigger the replacement of cache     entries. The code attempts to select a less-often-used cache entry by means of a random number generator,     but this is not done correctly. Remote code execution might be a slight possibility. (CVE-2021-41991)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

An update of the strongswan package has been released.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3469-1 advisory.

  - The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an     RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent     by an initiator. Remote code execution cannot occur. (CVE-2021-41990)

  - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving     many requests with different certificates to fill the cache and later trigger the replacement of cache     entries. The code attempts to select a less-often-used cache entry by means of a random number generator,     but this is not done correctly. Remote code execution might be a slight possibility. (CVE-2021-41991)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1399-1 advisory.

  - The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an     RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent     by an initiator. Remote code execution cannot occur. (CVE-2021-41990)

  - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving     many requests with different certificates to fill the cache and later trigger the replacement of cache     entries. The code attempts to select a less-often-used cache entry by means of a random number generator,     but this is not done correctly. Remote code execution might be a slight possibility. (CVE-2021-41991)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4989 advisory.

  - The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an     RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent     by an initiator. Remote code execution cannot occur. (CVE-2021-41990)

  - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving     many requests with different certificates to fill the cache and later trigger the replacement of cache     entries. The code attempts to select a less-often-used cache entry by means of a random number generator,     but this is not done correctly. Remote code execution might be a slight possibility. (CVE-2021-41991)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan. The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
154227	Ubuntu 18.04 LTS / 20.04 LTS : strongSwan vulnerabilities (USN-5111-1)	Nessus	Ubuntu Local Security Checks	10/19/2021	8/27/2024	high
157239	FreeBSD : strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache (58528a94-5100-4208-a04d-edc01598cf01)	Nessus	FreeBSD Local Security Checks	1/30/2022	11/6/2023	high
154243	openSUSE 15 Security Update : strongswan (openSUSE-SU-2021:3467-1)	Nessus	SuSE Local Security Checks	10/20/2021	1/20/2022	high
154249	SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2021:3467-1)	Nessus	SuSE Local Security Checks	10/20/2021	7/13/2023	high
204064	Photon OS 3.0: Strongswan PHSA-2021-3.0-0320	Nessus	PhotonOS Local Security Checks	7/24/2024	7/24/2024	high
154248	SUSE SLES15 Security Update : strongswan (SUSE-SU-2021:3469-1)	Nessus	SuSE Local Security Checks	10/20/2021	7/13/2023	high
154770	openSUSE 15 Security Update : strongswan (openSUSE-SU-2021:1399-1)	Nessus	SuSE Local Security Checks	11/1/2021	11/1/2021	high
203492	Photon OS 4.0: Strongswan PHSA-2021-4.0-0119	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	high
154229	Debian DSA-4989-1 : strongswan - security update	Nessus	Debian Local Security Checks	10/19/2021	1/20/2022	high
501592	Siemens SIMATIC NET CP, SINEMA & SCALANCE Integer Overflow (CVE-2021-41990)	Tenable OT Security	Tenable.ot	8/3/2023	8/24/2023	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high