SUSE update for strongswan

1) Improper Authentication

EUVDB-ID: #VU15722

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16151

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in RSA implementation based on GMP (verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c) within the gmp plugin that does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.

Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.

Mitigation

Update the affected package strongswan to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

strongswan-debugsource: before 4.4.0-6.36.12.1

strongswan-debuginfo: before 4.4.0-6.36.12.1

strongswan-doc: before 4.4.0-6.36.12.1

strongswan: before 4.4.0-6.36.12.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authentication

EUVDB-ID: #VU15729

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16152

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the RSA implementation based on GMP within the verify_emsa_pkcs1_signature() function in gmp_rsa_public_key.c in the gmp plugin. The GMP plugin does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.

Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.

Mitigation

Update the affected package strongswan to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

strongswan-debugsource: before 4.4.0-6.36.12.1

strongswan-debuginfo: before 4.4.0-6.36.12.1

strongswan-doc: before 4.4.0-6.36.12.1

strongswan: before 4.4.0-6.36.12.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU15165

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17540

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service attacks.

The vulnerability exists due to a boundary error when processing certificates within gmp plugin. A remote attacker can create a specially crafted certificate, pass it to the affected application and trigger application crash.

Mitigation

Update the affected package strongswan to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

strongswan-debugsource: before 4.4.0-6.36.12.1

strongswan-debuginfo: before 4.4.0-6.36.12.1

strongswan-doc: before 4.4.0-6.36.12.1

strongswan: before 4.4.0-6.36.12.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) State Issues

EUVDB-ID: #VU59994

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-45079

CWE-ID: CWE-371 - State Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to improper handling of EAP-Success messages. A remote attacker can send a specially crafted (early) EAP-Success message to the affected system and bypass authentication or perform a denial of service attack.

Mitigation

Update the affected package strongswan to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE

SUSE Linux Enterprise Point of Sale: 11-SP3

SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4

strongswan-debugsource: before 4.4.0-6.36.12.1

strongswan-debuginfo: before 4.4.0-6.36.12.1

strongswan-doc: before 4.4.0-6.36.12.1

strongswan: before 4.4.0-6.36.12.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.