Executive Summary
Summary | |
---|---|
Title | strongswan security update |
Information | |||
---|---|---|---|
Name | DSA-2483 | First vendor Publication | 2012-05-31 |
Vendor | Debian | Last vendor Modification | 2012-05-31 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.

The default configuration in Debian does not use the gmp plugin for RSA operations but rather the OpenSSL plugin, so the packages as shipped by Debian are not vulnerable.

For the stable distribution (squeeze), this problem has been fixed in version 4.4.1-5.2. For the testing distribution (wheezy), this problem has been fixed in version 4.5.2-1.4. For the unstable distribution (sid), this problem has been fixed in version 4.5.2-1.4.

We recommend that you upgrade your strongswan packages.
Original Source
Url : http://www.debian.org/security/2012/dsa-2483 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18177 | |||
Oval ID: | oval:org.mitre.oval:def:18177 | ||
Title: | DSA-2665-1 strongswan - authentication bypass | ||
Description: | Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2665-1 CVE-2013-2944 CVE-2012-2388 | Version: | 8 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | strongswan |
Definition Id: oval:org.mitre.oval:def:19671 | |||
Oval ID: | oval:org.mitre.oval:def:19671 | ||
Title: | DSA-2483-1 strongswan - authentication bypass | ||
Description: | An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2483-1 CVE-2012-2388 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | strongswan |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0691-1 (update) File : nvt/gb_suse_2012_0691_1.nasl |
2012-08-30 | Name : Fedora Update for strongswan FEDORA-2012-8815 File : nvt/gb_fedora_2012_8815_strongswan_fc17.nasl |
2012-06-11 | Name : Fedora Update for strongswan FEDORA-2012-8821 File : nvt/gb_fedora_2012_8821_strongswan_fc16.nasl |
2012-05-31 | Name : Debian Security Advisory DSA 2483-1 (strongswan) File : nvt/deb_2483_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-309.nasl - Type : ACT_GATHER_INFO |
2013-05-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2665.nasl - Type : ACT_GATHER_INFO |
2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_strongswan-120523.nasl - Type : ACT_GATHER_INFO |
2012-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2483.nasl - Type : ACT_GATHER_INFO |
2012-06-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8815.nasl - Type : ACT_GATHER_INFO |
2012-06-11 | Name : The remote Fedora host is missing a security update. File : fedora_2012-8821.nasl - Type : ACT_GATHER_INFO |
2012-06-04 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_strongswan-8138.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:31:07 | |