Context Navigation

← Previous Ticket
Next Ticket →

Modify ↓

#11576 closed defect (fixed)

strongswan4: Critical vulnerability in gmp plugin (CVE-2012-2388)

Reported by:	spam@…	Owned by:	developers
Priority:	highest	Milestone:	Barrier Breaker 14.07
Component:	packages	Version:	Trunk
Keywords:	security strongswan CVE-2012-2388 vulnerability gmp RSA	Cc:

Description

This is to notify you of a vulnerability in strongswan's gmp plugin regarding the verification of RSA signatures. An attacker may create an empty or zeroed RSA signature which can pass for a valid one, both IKEv1 and IKEv2 are affected.

The relevant CVE is CVE-2012-2388 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2388

The vulnerability has been fixed in the recent 4.6.4 release of strongswan. A patch for previous versions is available upstream.

Details are here: http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-(cve-2012-2388).html

Attachments (0)

Change History (2)

comment:1 Changed 6 years ago by jow

Resolution set to fixed
Status changed from new to closed

Should be fixed with r32034

comment:2 Changed 4 years ago by jow

Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

You may use WikiFormatting here.

Modify Ticket

Action

leave as closed .

reopen The resolution will be deleted. Next status will be 'reopened'.

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: