#11576 closed defect (fixed)
strongswan4: Critical vulnerability in gmp plugin (CVE-2012-2388)
| Reported by: | spam@… | Owned by: | developers |
|---|---|---|---|
| Priority: | highest | Milestone: | Barrier Breaker 14.07 |
| Component: | packages | Version: | Trunk |
| Keywords: | security strongswan CVE-2012-2388 vulnerability gmp RSA | Cc: | |
Description
This is to notify you of a vulnerability in strongswan's gmp plugin regarding the verification of RSA signatures. An attacker may create an empty or zeroed RSA signature which can pass for a valid one; both IKEv1 and IKEv2 are affected.
The relevant CVE is CVE-2012-2388 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2388
The vulnerability has been fixed in the recent 4.6.4 release of strongswan. A patch for previous versions is available upstream.
Details are here: http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-(cve-2012-2388).html
Change History (2)
comment:1 Changed 6 years ago by jow
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed 4 years ago by jow
- Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07
Milestone Attitude Adjustment 12.09 deleted
Should be fixed with r32034