|
|
Subscribe / Log in / New account

Arch Linux alert ASA-201805-26 (strongswan)



From:
    	      Christian Rebischke <Chris.Rebischke@archlinux.org> 


To:
    	      arch-security@archlinux.org 


Subject:
    	      [ASA-201805-26] strongswan: denial of service 


Date:
    	      Wed, 30 May 2018 00:15:08 +0200


Message-ID:
    	      <20180529221508.GA12158@motoko.nullday.de>


Arch Linux Security Advisory ASA-201805-26
==========================================

Severity: Low
Date    : 2018-05-26
CVE-ID  : CVE-2018-5388
Package : strongswan
Type    : denial of service
Remote  : No
Link    : https://security.archlinux.org/AVG-710

Summary
=======

The package strongswan before version 5.6.2-2 is vulnerable to denial
of service.

Resolution
==========

Upgrade to 5.6.2-2.

# pacman -Syu "strongswan>=5.6.2-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

strongSwan VPN's charon server prior to version 5.6.3 is missing a
packet length check in stroke_socket.c, allowing a buffer overflow
which may lead to resource exhaustion and denial of service while
reading from the socket.
According to the vendor, an attacker must typically have local root
permissions to access the socket. However, other accounts and groups
such as the vpn group (if capability dropping in enabled, for example)
may also have sufficient permissions, but this configuration does not
appear to be the default behavior.

Impact
======

A local attacker with access to the VPN socket is able to crash the
service.

References
==========

https://bugs.archlinux.org/task/58719
https://www.kb.cert.org/vuls/id/338343
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;...
https://security.archlinux.org/CVE-2018-5388
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds