Vulnerabilities > CVE-2018-16151 - Improper Verification of Cryptographic Signature vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

nessus

NVD

Published: 2018-09-26

Updated: 2023-11-07

Summary

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Vulnerable Configurations

Part	Description	Count
Application	Strongswan Strongswan Strongswan 5.0.0 Strongswan Strongswan 5.0.1 Strongswan Strongswan 5.0.2 Strongswan Strongswan 5.0.3 Strongswan Strongswan 5.0.4 Strongswan Strongswan 5.1.0 Strongswan Strongswan 5.1.1 Strongswan Strongswan 5.1.2 Strongswan Strongswan 5.1.3 Strongswan Strongswan 5.2.0 Strongswan Strongswan 5.2.1 Strongswan Strongswan 5.2.2 Strongswan Strongswan 5.2.3 Strongswan Strongswan 5.3.0 Strongswan Strongswan 5.3.1 Strongswan Strongswan 5.3.2 Strongswan Strongswan 5.3.3 Strongswan Strongswan 5.3.4 Strongswan Strongswan 5.3.5 Strongswan Strongswan 5.4.0 Strongswan Strongswan 5.5.0 Strongswan Strongswan 5.5.1 Strongswan Strongswan 5.5.2 Strongswan Strongswan 5.5.3 Strongswan Strongswan 5.6.0 Strongswan Strongswan 5.6.1 Strongswan Strongswan 5.6.2 Strongswan Strongswan 5.6.3 Strongswan Strongswan 4.0.0 Strongswan Strongswan 4.0.1 Strongswan Strongswan 4.0.2 Strongswan Strongswan 4.0.3 Strongswan Strongswan 4.0.4 Strongswan Strongswan 4.0.5 Strongswan Strongswan 4.0.6 Strongswan Strongswan 4.0.7 Strongswan Strongswan 4.1.0 Strongswan Strongswan 4.1.1 Strongswan Strongswan 4.1.2 Strongswan Strongswan 4.1.3 Strongswan Strongswan 4.1.4 Strongswan Strongswan 4.1.5 Strongswan Strongswan 4.1.6 Strongswan Strongswan 4.1.7 Strongswan Strongswan 4.1.8 Strongswan Strongswan 4.1.9 Strongswan Strongswan 4.1.10 Strongswan Strongswan 4.1.11 Strongswan Strongswan 4.2.0 Strongswan Strongswan 4.2.1 Strongswan Strongswan 4.2.2 Strongswan Strongswan 4.2.3 Strongswan Strongswan 4.2.4 Strongswan Strongswan 4.2.5 Strongswan Strongswan 4.2.6 Strongswan Strongswan 4.2.7 Strongswan Strongswan 4.2.8 Strongswan Strongswan 4.2.9 Strongswan Strongswan 4.2.10 Strongswan Strongswan 4.2.11 Strongswan Strongswan 4.2.12 Strongswan Strongswan 4.2.13 Strongswan Strongswan 4.2.14 Strongswan Strongswan 4.2.15 Strongswan Strongswan 4.2.16 Strongswan Strongswan 4.3.0 Strongswan Strongswan 4.3.1 Strongswan Strongswan 4.3.2 Strongswan Strongswan 4.3.3 Strongswan Strongswan 4.3.4 Strongswan Strongswan 4.3.5 Strongswan Strongswan 4.3.6 Strongswan Strongswan 4.3.7 Strongswan Strongswan 4.4.0 Strongswan Strongswan 4.4.1 Strongswan Strongswan 4.5.0 Strongswan Strongswan 4.5.1 Strongswan Strongswan 4.5.2 Strongswan Strongswan 4.5.3 Strongswan Strongswan 4.6.0 Strongswan Strongswan 4.6.1 Strongswan Strongswan 4.6.2 Strongswan Strongswan 4.6.3 Strongswan Strongswan 4.6.4	84
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0	2
OS	Canonical Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 18.04	3

Common Weakness Enumeration (CWE)

CWE-347 - Improper Verification of Cryptographic Signature

Common Attack Pattern Enumeration and Classification (CAPEC)

Padding Oracle Crypto Attack
An attacker is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an attacker is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an attacker is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key. Any cryptosystem can be vulnerable to padding oracle attacks if the encrypted messages are not authenticated to ensure their validity prior to decryption, and then the information about padding error is leaked to the attacker. This attack technique may be used, for instance, to break CAPTCHA systems or decrypt/modify state information stored in client side objects (e.g., hidden fields or cookies). This attack technique is a side-channel attack on the cryptosystem that uses a data leak from an improperly implemented decryption routine to completely subvert the cryptosystem. The one bit of information that tells the attacker whether a padding error during decryption has occurred, in whatever form it comes, is sufficient for the attacker to break the cryptosystem. That bit of information can come in a form of an explicit error message about a padding error, a returned blank page, or even the server taking longer to respond (a timing attack). This attack can be launched cross domain where an attacker is able to use cross-domain information leaks to get the bits of information from the padding oracle from a target system / service with which the victim is communicating. To do so an attacker sends a request containing ciphertext to the target system. Due to the browser's same origin policy, the attacker is not able to see the response directly, but can use cross-domain information leak techniques to still get the information needed (i.e., information on whether or not a padding error has occurred). For instance, this can be done using "img" tag plus the onerror()/onload() events. The attacker's JavaScript can make web browsers to load an image on the target site, and know if the image is loaded or not. This is 1-bit information needed for the padding oracle attack to work: if the image is loaded, then it is valid padding, otherwise it is not.

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-9CAA6528D2.NASL
description	Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-10-16
plugin id	118123
published	2018-10-16
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118123
title	Fedora 27 : strongswan (2018-9caa6528d2)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-9caa6528d2. # include("compat.inc"); if (description) { script_id(118123); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-16151", "CVE-2018-16152"); script_xref(name:"FEDORA", value:"2018-9caa6528d2"); script_name(english:"Fedora 27 : strongswan (2018-9caa6528d2)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-9caa6528d2" ); script_set_attribute( attribute:"solution", value:"Update the affected strongswan package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:strongswan"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/26"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"strongswan-5.7.1-1.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "strongswan"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-2_0-0125_STRONGSWAN.NASL
description	An update of the strongswan package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	122028
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122028
title	Photon OS 2.0: Strongswan PHSA-2019-2.0-0125
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-2.0-0125. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(122028); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2019/02/07"); script_cve_id("CVE-2018-16151", "CVE-2018-16152"); script_name(english:"Photon OS 2.0: Strongswan PHSA-2019-2.0-0125"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the strongswan package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-125.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16152"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:strongswan"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"strongswan-5.5.2-6.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"strongswan-5.5.2-6.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"strongswan-debuginfo-5.5.2-6.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"strongswan-debuginfo-5.5.2-6.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "strongswan"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-61DF554BB1.NASL
description	Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120469
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120469
title	Fedora 28 : strongswan (2018-61df554bb1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-61df554bb1. # include("compat.inc"); if (description) { script_id(120469); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-16151", "CVE-2018-16152"); script_xref(name:"FEDORA", value:"2018-61df554bb1"); script_name(english:"Fedora 28 : strongswan (2018-61df554bb1)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-61df554bb1" ); script_set_attribute( attribute:"solution", value:"Update the affected strongswan package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:strongswan"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/26"); script_set_attribute(attribute:"patch_publication_date", value:"2018/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"strongswan-5.7.1-1.fc28")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "strongswan"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-1_0-0203_STRONGSWAN.NASL
description	An update of the strongswan package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	122019
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122019
title	Photon OS 1.0: Strongswan PHSA-2019-1.0-0203

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-3056-1.NASL
description	This update for strongswan fixes the following issues : Security issues fixed : CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	131306
published	2019-11-26
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131306
title	SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2019:3056-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2020-0743-1.NASL
description	This update for strongswan fixes the following issues : Strongswan was updated to version 5.8.2 (jsc#SLE-11370). Security issue fixed : CVE-2018-6459: Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation (bsc#1079548). Full changelogs : Version 5.8.2 - Identity-based CA constraints, which enforce that the certificate chain of the remote peer contains a CA certificate with a specific identity, are supported via vici/swanctl.conf. This is similar to the existing CA constraints but doesn
last seen	2020-03-26
modified	2020-03-24
plugin id	134852
published	2020-03-24
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/134852
title	SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2020:0743-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2019-3266-1.NASL
description	This update for strongswan provides the following fixes : Security issues fixed : CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). Other issues addressed: Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853). Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit. Handle unexpected informational message from SonicWall. (bsc#1009254) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	132009
published	2019-12-12
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132009
title	SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2598.NASL
description	This update for strongswan fixes the following issues : Security issues fixed : - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	131541
published	2019-12-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131541
title	openSUSE Security Update : strongswan (openSUSE-2019-2598)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-3771-1.NASL
description	It was discovered that strongSwan incorrectly handled IKEv2 key derivation. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2018-10811) Sze Yiu Chau discovered that strongSwan incorrectly handled parsing OIDs in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16151) Sze Yiu Chau discovered that strongSwan incorrectly handled certain parameters fields in the gmp plugin. A remote attacker could possibly use this issue to bypass authorization. (CVE-2018-16152) It was discovered that strongSwan incorrectly handled the stroke plugin. A local administrator could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-5388). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	117805
published	2018-09-27
reporter	Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117805
title	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : strongswan vulnerabilities (USN-3771-1)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1522.NASL
description	Sze Yiu Chau and his team from Purdue University and The University of Iowa found several security issues in the gmp plugin for strongSwan, an IKE/IPsec suite. CVE-2018-16151 The OID parser in the ASN.1 code in gmp allows any number of random bytes after a valid OID. CVE-2018-16152 The algorithmIdentifier parser in the ASN.1 code in gmp doesn
last seen	2020-06-01
modified	2020-06-02
plugin id	117715
published	2018-09-27
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117715
title	Debian DLA-1522-1 : strongswan security update

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2020-403.NASL
description	This update for strongswan fixes the following issues : Strongswan was updated to version 5.8.2 (jsc#SLE-11370). Security issue fixed : - CVE-2018-6459: Fixed a DoS vulnerability in the parser for PKCS#1 RSASSA-PSS signatures that was caused by insufficient input validation (bsc#1079548). Full changelogs : Version 5.8.2 - Identity-based CA constraints, which enforce that the certificate chain of the remote peer contains a CA certificate with a specific identity, are supported via vici/swanctl.conf. This is similar to the existing CA constraints but doesn
last seen	2020-04-04
modified	2020-03-30
plugin id	135007
published	2020-03-30
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/135007
title	openSUSE Security Update : strongswan (openSUSE-2020-403)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4309.NASL
description	Google
last seen	2020-06-01
modified	2020-06-02
plugin id	117890
published	2018-10-03
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117890
title	Debian DSA-4309-1 : strongswan - security update

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2019-2594.NASL
description	This update for strongswan fixes the following issues : Security issues fixed : - CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462). - CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536). - CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874). - CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845). This update was imported from the SUSE:SLE-15:Update update project.
last seen	2020-06-01
modified	2020-06-02
plugin id	131537
published	2019-12-03
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131537
title	openSUSE Security Update : strongswan (openSUSE-2019-2594)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-A0D22C2A21.NASL
description	Updated to release 5.7.1 Security fix for : - CVE-2018-16151 - CVE-2018-16152 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2019-01-03
plugin id	120663
published	2019-01-03
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/120663
title	Fedora 29 : strongswan (2018-a0d22c2a21)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-4305.NASL
description	Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and during IKE authentication. While the gmp plugin doesn
last seen	2020-06-01
modified	2020-06-02
plugin id	117678
published	2018-09-25
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/117678
title	Debian DSA-4305-1 : strongswan - security update

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201811-16.NASL
description	The remote host is affected by the vulnerability described in GLSA-201811-16 (strongSwan: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in strongSwan. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition or impersonate a user. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	119161
published	2018-11-27
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119161
title	GLSA-201811-16 : strongSwan: Multiple vulnerabilities

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References