#VU13125 Memory corruption in strongSwan - CVE-2018-10811

Cybersecurity Help s.r.o.

Published: 2018-05-31 | Updated: 2018-06-01

Vulnerability identifier: #VU13125

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-10811

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
strongSwan
Server applications / Encryption software

Vendor: strongswan.org

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the Internet Key Exchange Version 2 (IKEv2) key derivation of strongSwan due to insufficient initialization of the variable that stores the SKEYSEED for IKEv2 key derivation before using the negotiated pseudorandom function (PRF). A remote attacker can trigger a key derivation failure and cause the affected software to clear the uninitialized memory that may lead to crash.

Mitigation
Update to version 5.6.3.

Vulnerable software versions

strongSwan: 5.0.0 - 5.6.2

External links
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-10811).html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru

OpenSUSE Linux update for strongswan

Gentoo update for strongSwan

Debian update for strongswan

Denial of service in strongswan

Memory corruption in strongswan (Alpine package)