SUSE update for strongswan
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2021-45079 |
| CWE-ID | CWE-287 CWE-119 CWE-371 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise Point of Sale Operating systems & Components / Operating system SUSE Linux Enterprise Debuginfo Operating systems & Components / Operating system strongswan-debugsource Operating systems & Components / Operating system package or component strongswan-debuginfo Operating systems & Components / Operating system package or component strongswan-doc Operating systems & Components / Operating system package or component strongswan Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) Improper Authentication
EUVDB-ID: #VU15722
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-16151
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in RSA implementation based on GMP (verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c) within the gmp plugin that does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.
Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.
MitigationUpdate the affected package strongswan to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE
SUSE Linux Enterprise Point of Sale: 11-SP3
SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4
strongswan-debugsource: before 4.4.0-6.36.12.1
strongswan-debuginfo: before 4.4.0-6.36.12.1
strongswan-doc: before 4.4.0-6.36.12.1
strongswan: before 4.4.0-6.36.12.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server:11-SP4-LTSS-EXTREME-CORE:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_point_of_sale:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:strongswan-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU15729
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-16152
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in the RSA implementation based on GMP within the verify_emsa_pkcs1_signature() function in gmp_rsa_public_key.c in the gmp plugin. The GMP plugin does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. A remote attacker can forge signatures when small public exponents are being used and impersonate the victim.
Successful exploitation of the vulnerability may allow an attacker to take full control over victim's session but requires that only an RSA signature is used for IKEv2 authentication.
MitigationUpdate the affected package strongswan to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE
SUSE Linux Enterprise Point of Sale: 11-SP3
SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4
strongswan-debugsource: before 4.4.0-6.36.12.1
strongswan-debuginfo: before 4.4.0-6.36.12.1
strongswan-doc: before 4.4.0-6.36.12.1
strongswan: before 4.4.0-6.36.12.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server:11-SP4-LTSS-EXTREME-CORE:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_point_of_sale:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:strongswan-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU15165
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-17540
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service attacks.
The vulnerability exists due to a boundary error when processing certificates within gmp plugin. A remote attacker can create a specially crafted certificate, pass it to the affected application and trigger application crash.
MitigationUpdate the affected package strongswan to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE
SUSE Linux Enterprise Point of Sale: 11-SP3
SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4
strongswan-debugsource: before 4.4.0-6.36.12.1
strongswan-debuginfo: before 4.4.0-6.36.12.1
strongswan-doc: before 4.4.0-6.36.12.1
strongswan: before 4.4.0-6.36.12.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server:11-SP4-LTSS-EXTREME-CORE:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_point_of_sale:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:strongswan-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) State Issues
EUVDB-ID: #VU59994
Risk: High
CVSSv4.0: 6.8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-45079
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to improper handling of EAP-Success messages. A remote attacker can send a specially crafted (early) EAP-Success message to the affected system and bypass authentication or perform a denial of service attack.
Update the affected package strongswan to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server: 11-SP4-LTSS-EXTREME-CORE
SUSE Linux Enterprise Point of Sale: 11-SP3
SUSE Linux Enterprise Debuginfo: 11-SP3 - 11-SP4
strongswan-debugsource: before 4.4.0-6.36.12.1
strongswan-debuginfo: before 4.4.0-6.36.12.1
strongswan-doc: before 4.4.0-6.36.12.1
strongswan: before 4.4.0-6.36.12.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server:11-SP4-LTSS-EXTREME-CORE:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_point_of_sale:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_debuginfo:11-SP4:*:*:*:*:*:*:*
- cpe:2.3:a:suse:strongswan-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan-doc:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:strongswan:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2022/suse-su-202214887-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
