Opened 6 years ago

Closed 6 years ago

Last modified 4 years ago

#11576 closed defect (fixed)

strongswan4: Critical vulnerability in gmp plugin (CVE-2012-2388)

Reported by: spam@…
Owned by: developers
Priority: highest
Milestone: Barrier Breaker 14.07
Component: packages
Version: Trunk
Keywords: security strongswan CVE-2012-2388 vulnerability gmp RSA
Cc:

Description

This is to notify you of a vulnerability in strongswan's gmp plugin regarding the verification of RSA signatures. An attacker may create an empty or zeroed RSA signature which can pass for a valid one; both IKEv1 and IKEv2 are affected.

The relevant CVE is CVE-2012-2388 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2388

The vulnerability has been fixed in the recent 4.6.4 release of strongswan. A patch for previous versions is available upstream.

Details are here: http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-(cve-2012-2388).html

Change History (2)

comment:1 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Should be fixed with r32034

comment:2 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
