DSA-4305-1 strongswan -- strongswan | ID: oval:org.secpod.oval:def:603530 | Date: (C)2018-10-01 (M)2023-12-20 |
Class: PATCH | Family: unix |
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and during IKE authentication. While the gmp plugin doesn't allow arbitrary data after the ASN.1 structure, the ASN.1 parser is not strict enough and allows data in specific fields inside the ASN.1 structure. Only installations using the gmp plugin are affected, and only when using keys and certificates using keys with an exponent e = 3, which is usually rare in practice.

CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of random bytes after a valid OID.

CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp doesn't enforce a NULL value for the optional parameter which is not used with any PKCS#1 algorithm.
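As an added illustration of the strictness the two CVEs above call for (this is constructed example code, not strongSwan's gmp plugin), the following checker parses a PKCS#1 v1.5 DigestInfo and refuses any encoding whose OID field carries bytes beyond the exact SHA-256 OID or whose AlgorithmIdentifier parameters are anything other than an explicit NULL. It assumes SHA-256 and short-form DER lengths; `build_digestinfo` only constructs inputs for exercising it.

```python
# Constructed constants: DER body of the SHA-256 OID 2.16.840.1.101.3.4.2.1.
SHA256_OID = bytes.fromhex("608648016503040201")
SHA256_LEN = 32

def _tlv(buf: bytes, pos: int):
    """Parse one DER TLV (short-form length only); return (tag, value, end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV")
    tag, length = buf[pos], buf[pos + 1]
    if length >= 0x80:
        raise ValueError("long-form length not expected in DigestInfo")
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("TLV overruns buffer")
    return tag, buf[pos + 2:end], end

def strict_digestinfo(der: bytes) -> bytes:
    """Return the digest if der is exactly a SHA-256 DigestInfo; else raise ValueError."""
    tag, seq, end = _tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("DigestInfo: not a SEQUENCE, or data after the structure")
    tag, algid, pos = _tlv(seq, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier: not a SEQUENCE")
    # Bug class of CVE-2018-16151: compare the whole OID field, so bytes after a valid OID are rejected.
    tag, oid, pos2 = _tlv(algid, 0)
    if tag != 0x06 or oid != SHA256_OID:
        raise ValueError("AlgorithmIdentifier: OID mismatch or trailing bytes in OID")
    # Bug class of CVE-2018-16152: parameters must be present, exactly NULL (05 00), and last.
    tag, params, pos3 = _tlv(algid, pos2)
    if tag != 0x05 or params != b"" or pos3 != len(algid):
        raise ValueError("AlgorithmIdentifier: parameters must be exactly NULL")
    tag, digest, pos4 = _tlv(seq, pos)
    if tag != 0x04 or len(digest) != SHA256_LEN or pos4 != len(seq):
        raise ValueError("digest: not an OCTET STRING of the expected length")
    return digest

def rejects(der: bytes) -> bool:
    try:
        strict_digestinfo(der)
        return False
    except ValueError:
        return True

def build_digestinfo(oid_body: bytes, params: bytes, digest: bytes) -> bytes:
    oid = bytes([0x06, len(oid_body)]) + oid_body
    algid = bytes([0x30, len(oid) + len(params)]) + oid + params
    octets = bytes([0x04, len(digest)]) + digest
    return bytes([0x30, len(algid) + len(octets)]) + algid + octets
```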
Product: |
libcharon-extra-plugins |
libstrongswan |
charon-systemd |
strongswan |
charon-cmd |