SB2018092903 - Improper Authentication in strongswan (Alpine package)
Published: September 29, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Authentication (CVE-ID: CVE-2018-16151)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in RSA implementation based on GMP (verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c) within the gmp plugin that does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.
Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1cb8f327fe893b5f83d52d1e8686ca8085a15412
- https://git.alpinelinux.org/aports/commit/?id=d01a6eb23f238d10cc1b2a2e3cbfd15ca2f4b3c2
- https://git.alpinelinux.org/aports/commit/?id=044957741907d97afb7e6b1510a87e94b430de1e
- https://git.alpinelinux.org/aports/commit/?id=142cd0660c759d91ccdd0b6b6fd5f4959413ed93
- https://git.alpinelinux.org/aports/commit/?id=2710c46b44644c2f597699e01f238d4e13d88b11
- https://git.alpinelinux.org/aports/commit/?id=2f0878ed064f5b397f15426c9141880a36754a99
- https://git.alpinelinux.org/aports/commit/?id=fae42a57529214cd7ee88738466541ee2f7f3643
- https://git.alpinelinux.org/aports/commit/?id=69cb3c4ebb573f4427b512a8f3ce9f8da6edc356