CVE-2019-10155 – libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check
https://notcve.org/view.php?id=CVE-2019-10155
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value was not verified. This issue affects versions before 3.29. Se ha encontrado una vulnerabilidad en el proyecto The Libreswan en el procesador de IKEv1 Los paquetes de intercambio informativo IKEv1 que están cifrados y protegidos por integridad utilizando las claves de integridad y cifrado IKE SA establecidas, pero como receptor, el valor de verificación de integridad no se verificó. Este problema afecta a las versiones anteriores a 3.29. A vulnerability was found in the Libreswan Project. • https://access.redhat.com/errata/RHSA-2019:3391 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10155 https://libreswan.org/security/CVE-2019-10155 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUEXFCN7FAYBKJBQJLYCEUQUCHDEJRZW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFGPGLLKAXSLWFI62A6BZHTZSCHRCBXS https://access.redhat.com/security/cve/CVE-2019-10155 https://bugzilla.redhat.com/show_bug.cgi?id=1714141 • CWE-354: Improper Validation of Integrity Check Value •
CVE-2018-17540
https://notcve.org/view.php?id=CVE-2018-17540
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate. El plugin gmp en strongSwan en versiones anteriores a la 5.7.1 tiene un desbordamiento de búfer mediante un certificado manipulado. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html https://download.strongswan.org/security/CVE-2018-17540 https://lists.debian.org/debian-lts-announce/2018/10/msg00001.html https://security.gentoo.org/glsa/201811-16 https://usn.ubuntu.com/3774-1 https://www.debian.org/security/2018/dsa-4309 https://www.strongswan • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-16151
https://notcve.org/view.php?id=CVE-2018-16151
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. En verify_emsa_pkcs1_signature() en gmp_rsa_public_key.c en el plugin gmp en strongSwan en versiones 4.x y 5.x anteriores a la 5.7.0, la implementación RSA basada en GMP no rechaza los datos sobrantes tras el algoritmo OID cifrado durante la verificación de firmas PKCS#1 v1.5. De forma similar al error en la misma versión de strongSwan relacionado con digestAlgorithm.parameters, un atacante remoto puede falsificar firmas cuando se emplean pequeños exponentes públicos, lo que podría conducir a una suplantación cuando solo se emplea una firma RSA para la autenticación IKEv2. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html https://security.gentoo.org/glsa/201811-16 https://usn.ubuntu.com/3771-1 https://www.debian.org/security/2018/dsa-4305 https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-20 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2018-16152
https://notcve.org/view.php?id=CVE-2018-16152
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568. En verify_emsa_pkcs1_signature() en gmp_rsa_public_key.c en el plugin gmp en strongSwan en versiones 4.x y 5.x anteriores a la 5.7.0, la implementación RSA basada en GMP no rechaza los datos sobrantes en el campo digestAlgorithm.parameters durante la verificación de firmas PKCS#1 v1.5. En consecuencia, un atacante remoto puede falsificar firmas cuando se emplean pequeños exponentes públicos, lo que podría conducir a una suplantación cuando solo se emplea una firma RSA para la autenticación IKEv2. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html https://security.gentoo.org/glsa/201811-16 https://usn.ubuntu.com/3771-1 https://www.debian.org/security/2018/dsa-4305 https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-20 • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2018-10811
https://notcve.org/view.php?id=CVE-2018-10811
strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. strongSwan, en versiones 5.6.0 y anteriores, permite una denegación de servicio (DoS) remota debido a la falta de inicialización de una variable. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html https://download.strongswan.org/security/CVE-2018-10811 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBO6ZQKLB5RY3TV7MXADFTQKXA2LUEIL https://security.gentoo.org/glsa/201811-16 https://usn.ubuntu.com/3771-1 https://www.debian.org/security& • CWE-909: Missing Initialization of Resource •