#VU42852 Improper Authentication in strongSwan - CVE-2013-2944

Cybersecurity Help s.r.o.

Published: 2013-05-02 | Updated: 2020-08-11

Vulnerability identifier: #VU42852

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2013-2944

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
strongSwan
Server applications / Encryption software

Vendor: strongswan.org

Description

The vulnerability allows a remote #AU# to read and manipulate data.

strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.

Mitigation
Install update from vendor's website.

Vulnerable software versions

strongSwan: 4.3.5 - 5.0.2

External links
https://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch
https://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html
https://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html
https://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html
https://www.debian.org/security/2013/dsa-2665
https://www.securityfocus.com/bid/59580
https://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-(cve-2013-2944).html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for strongSwan

Improper Authentication in strongSwan