[VU#338343] strongSwan VPN
Greetings,
We’re aware of a buffer underflow vulnerability in strongSwan VPN. We’re tracking it as VU#338343.
We’ve published a Vulnerability Note at <https://www.kb.cert.org/vuls/id/338343> to document the issue.
We expect a low severity because of what seems to be a requirement for root access to exploit, yet the developer has indicated a lower privileged user with correct group access may also be able to access. It’s unclear if this is default, or something managed by distributions as part of the packaging.
Please let us know if you have any comments or would like to make a statement.
Best Regards,
Garret WASSERMANN
Vulnerability Analysis Team
CERT Coordination Center (CERT/CC)
A division of:
Software Engineering Institute
Carnegie Mellon University
(from redmine: issue id 8928, created on 2018-05-23, closed on 2019-06-19)
- Changesets:
- Revision f48354fa on 2018-06-01T14:50:42Z:
main/strongswan: upgrade to 5.6.3
Add secfixes comments and sanitize patches.
Fixes #8954 #8928