Summary
Detail | | | |
---|---|---|---|
Vendor | Strongswan | First view | 2004-12-06 |
Product | Strongswan | Last view | 2023-12-07 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9.8 | 2023-12-07 | CVE-2023-41913 | strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. |
9.8 | 2023-04-15 | CVE-2023-26463 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. |
7.5 | 2022-10-31 | CVE-2022-40617 | strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data. |
9.1 | 2022-01-31 | CVE-2021-45079 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |
7.5 | 2021-10-18 | CVE-2021-41991 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility. |
7.5 | 2021-10-18 | CVE-2021-41990 | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur. |
3.1 | 2019-06-12 | CVE-2019-10155 | The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. |
7.5 | 2018-10-03 | CVE-2018-17540 | The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. |
7.5 | 2018-09-26 | CVE-2018-16152 | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. |
7.5 | 2018-09-26 | CVE-2018-16151 | In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. |
7.5 | 2018-06-19 | CVE-2018-10811 | strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. |
6.5 | 2018-05-31 | CVE-2018-5388 | In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. |
5.3 | 2018-02-20 | CVE-2018-6459 | The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter. |
9.8 | 2017-09-07 | CVE-2015-3991 | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. |
7.5 | 2017-08-18 | CVE-2017-11185 | The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature. |
7.5 | 2017-06-08 | CVE-2017-9023 | The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate. |
7.5 | 2017-06-08 | CVE-2017-9022 | The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. |
5 | 2015-11-18 | CVE-2015-8023 | The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. |
2.6 | 2015-06-10 | CVE-2015-4171 | strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. |
5 | 2015-01-07 | CVE-2014-9221 | strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. |
5 | 2014-05-07 | CVE-2014-2891 | strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload. |
6.4 | 2014-04-16 | CVE-2014-2338 | IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established. |
5 | 2013-11-02 | CVE-2013-6076 | strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet. |
5 | 2013-11-02 | CVE-2013-6075 | The compare_dn function in utils/identification.c in strongSwan 4.3.3 through 5.1.1 allows (1) remote attackers to cause a denial of service (out-of-bounds read, NULL pointer dereference, and daemon crash) or (2) remote authenticated users to impersonate arbitrary users and bypass access restrictions via a crafted ID_DER_ASN1_DN ID, related to an "insufficient length check" during identity comparison. |
4.3 | 2013-08-28 | CVE-2013-5018 | The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
12% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12% (4) | CWE-20 | Improper Input Validation |
9% (3) | CWE-476 | NULL Pointer Dereference |
9% (3) | CWE-399 | Resource Management Errors |
9% (3) | CWE-347 | Improper Verification of Cryptographic Signature |
9% (3) | CWE-287 | Improper Authentication |
6% (2) | CWE-190 | Integer Overflow or Wraparound |
6% (2) | CWE-19 | Data Handling |
3% (1) | CWE-787 | Out-of-bounds Write |
3% (1) | CWE-400 | Uncontrolled Resource Consumption ('Resource Exhaustion') |
3% (1) | CWE-354 | Improper Validation of Integrity Check Value |
3% (1) | CWE-310 | Cryptographic Issues |
3% (1) | CWE-295 | Certificate Issues |
3% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
3% (1) | CWE-200 | Information Exposure |
3% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
3% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:7907 | DSA-1759 strongswan -- denial of service |
oval:org.mitre.oval:def:13547 | DSA-1760-1 openswan -- denial of service |
oval:org.mitre.oval:def:12881 | DSA-1759-1 strongswan -- denial of service |
oval:org.mitre.oval:def:11171 | The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before 2.6.21 and 2... |
oval:org.mitre.oval:def:21841 | ELSA-2009:0402: openswan security update (Important) |
oval:org.mitre.oval:def:28934 | RHSA-2009:0402 -- openswan security update (Important) |
oval:org.mitre.oval:def:8369 | DSA-1898 openswan -- denial of service |
oval:org.mitre.oval:def:18226 | DSA-1898-1 openswan - denial of service |
oval:org.mitre.oval:def:11079 | The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1... |
oval:org.mitre.oval:def:22909 | ELSA-2009:1138: openswan security update (Important) |
oval:org.mitre.oval:def:29103 | RHSA-2009:1138 -- openswan security update (Important) |
oval:org.mitre.oval:def:8047 | DSA-1899 strongswan -- several vulnerabilities |
oval:org.mitre.oval:def:13577 | DSA-1899-1 strongswan -- several |
oval:org.mitre.oval:def:19671 | DSA-2483-1 strongswan - authentication bypass |
oval:org.mitre.oval:def:18177 | DSA-2665-1 strongswan - authentication bypass |
oval:org.mitre.oval:def:25882 | SUSE-SU-2013:1237-1 -- Security update for strongswan |
oval:org.mitre.oval:def:25881 | SUSE-SU-2013:1237-3 -- Security update for strongswan |
oval:org.mitre.oval:def:25008 | SUSE-SU-2013:1237-2 -- Security update for strongswan |
oval:org.mitre.oval:def:20000 | DSA-2789-1 strongswan - Denial of service and authorisation bypass |
oval:org.mitre.oval:def:25686 | SUSE-SU-2013:1866-1 -- Security update for strongswan |
oval:org.mitre.oval:def:25663 | SUSE-SU-2013:1866-2 -- Security update for strongswan |
oval:org.mitre.oval:def:25562 | SUSE-SU-2013:1866-3 -- Security update for strongswan |
oval:org.mitre.oval:def:24282 | DSA-2903-1 strongswan - security update |
oval:org.mitre.oval:def:25268 | SUSE-SU-2014:0529-1 -- Security update for strongswan |
oval:org.mitre.oval:def:24774 | DSA-2922-1 strongswan - security update |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
67148 | strongSwan snprintf() Function Certificate / Identification Payload Remote Co... |
55421 | Openswan ASN.1 Parser Crafted X.509 Certificate Remote IKE Daemon DoS |
55420 | strongSwan ASN.1 Parser Crafted X.509 Certificate RDN IKE Daemon Remote DoS |
55047 | strongSwan charon Daemon charon/sa/tasks/child_create.c IKE_AUTH Request Hand... |
55046 | strongSwan charon Daemon charon/sa/ike_sa.c IKE_SA_INIT Request Handling DoS |
53209 | Openswan Pluto IKE Daemon Dead Peer Detection NULL Dereference Remote DoS |
53208 | strongSwan Pluto IKE Daemon Dead Peer Detection NULL Dereference Remote DoS |
48410 | strongSwan IKEv2 charon Daemon Crafted IKE_SA_INIT Message Remote DoS |
7281 | Swan Products X.509 Certificate Validation Bypass and DoS |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0691-1 (update) File : nvt/gb_suse_2012_0691_1.nasl |
2012-08-30 | Name : Fedora Update for strongswan FEDORA-2012-8815 File : nvt/gb_fedora_2012_8815_strongswan_fc17.nasl |
2012-06-11 | Name : Fedora Update for strongswan FEDORA-2012-8821 File : nvt/gb_fedora_2012_8821_strongswan_fc16.nasl |
2012-05-31 | Name : Debian Security Advisory DSA 2483-1 (strongswan) File : nvt/deb_2483_1.nasl |
2011-08-09 | Name : CentOS Update for openswan CESA-2009:1138 centos5 i386 File : nvt/gb_CESA-2009_1138_openswan_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for openswan CESA-2009:0402 centos5 i386 File : nvt/gb_CESA-2009_0402_openswan_centos5_i386.nasl |
2009-11-11 | Name : SuSE Security Summary SUSE-SR:2009:018 File : nvt/suse_sr_2009_018.nasl |
2009-10-19 | Name : Mandrake Security Advisory MDVSA-2009:273 (strongswan) File : nvt/mdksa_2009_273.nasl |
2009-10-19 | Name : SuSE Security Summary SUSE-SR:2009:016 File : nvt/suse_sr_2009_016.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan0.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan1.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan2.nasl |
2009-10-13 | Name : SLES10: Security update for strongswan File : nvt/sles10_strongswan3.nasl |
2009-10-13 | Name : SLES10: Security update for openswan File : nvt/sles10_openswan1.nasl |
2009-10-13 | Name : SLES10: Security update for openswan File : nvt/sles10_openswan0.nasl |
2009-10-13 | Name : SLES10: Security update for openswan File : nvt/sles10_openswan.nasl |
2009-10-11 | Name : SLES11: Security update for strongswan File : nvt/sles11_strongswan0.nasl |
2009-10-11 | Name : SLES11: Security update for strongswan File : nvt/sles11_strongswan.nasl |
2009-10-11 | Name : SLES11: Security update for openswan File : nvt/sles11_openswan1.nasl |
2009-10-11 | Name : SLES11: Security update for strongswan File : nvt/sles11_strongswan2.nasl |
2009-10-11 | Name : SLES11: Security update for openswan File : nvt/sles11_openswan0.nasl |
2009-10-11 | Name : SLES11: Security update for openswan File : nvt/sles11_openswan.nasl |
2009-10-11 | Name : SLES11: Security update for strongswan File : nvt/sles11_strongswan1.nasl |
2009-10-10 | Name : SLES9: Security update for freeswan File : nvt/sles9p5059240.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Openswan/Strongswan Pluto IKE daemon ISAKMP DPD malformed packet DOS attempt RuleID : 21334 - Type : SERVER-WEBAPP - Revision : 4 |
2014-01-10 | Openswan/Strongswan Pluto IKE daemon ISAKMP DPD malformed packet DOS attempt RuleID : 21333 - Type : SERVER-WEBAPP - Revision : 3 |
2014-01-10 | strongSwan Certificate and Identification payload overflow attempt RuleID : 19182 - Type : SERVER-OTHER - Revision : 10 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-0de3edbdea.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-3731a89e20.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-61df554bb1.nasl - Type: ACT_GATHER_INFO |
2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-a0d22c2a21.nasl - Type: ACT_GATHER_INFO |
2018-11-27 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201811-16.nasl - Type: ACT_GATHER_INFO |
2018-10-16 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9caa6528d2.nasl - Type: ACT_GATHER_INFO |
2018-10-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-1528.nasl - Type: ACT_GATHER_INFO |
2018-10-03 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4309.nasl - Type: ACT_GATHER_INFO |
2018-09-27 | Name: The remote Debian host is missing a security update. File: debian_DLA-1522.nasl - Type: ACT_GATHER_INFO |
2018-09-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4305.nasl - Type: ACT_GATHER_INFO |
2018-08-31 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0178.nasl - Type: ACT_GATHER_INFO |
2018-08-31 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0086.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2017-0040.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0126.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0164.nasl - Type: ACT_GATHER_INFO |
2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0075.nasl - Type: ACT_GATHER_INFO |
2018-06-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4229.nasl - Type: ACT_GATHER_INFO |
2018-06-04 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bab8cabe2a.nasl - Type: ACT_GATHER_INFO |
2018-06-01 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_7fc3e82764a511e8aedb00224d821998.nasl - Type: ACT_GATHER_INFO |
2018-03-02 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_6a449a37157011e88e00000c294a5758.nasl - Type: ACT_GATHER_INFO |
2017-09-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3962.nasl - Type: ACT_GATHER_INFO |
2017-08-30 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2293-1.nasl - Type: ACT_GATHER_INFO |
2017-08-22 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-3397-1.nasl - Type: ACT_GATHER_INFO |
2017-08-21 | Name: The remote Debian host is missing a security update. File: debian_DLA-1059.nasl - Type: ACT_GATHER_INFO |
2017-08-14 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-2143-1.nasl - Type: ACT_GATHER_INFO |