[3.8] strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c (CVE-2018-5388)
A flaw was found in strongSwan VPN’s charon server prior to version
5.6.3. In stroke_socket.c, a missing packet length check could allow
an integer underflow, which may lead to resource exhaustion and denial of
service while reading from the socket. A remote attacker with
local user credentials (possibly a normal user in the vpn group, or
root) may be able to overflow the buffer and cause a denial of service.
Fixed In Version:
strongswan 5.6.3
References:
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
https://www.kb.cert.org/vuls/id/338343
Patch:
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
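The class of bug described above, shown as an added example (not strongSwan's code and not taken from the linked patch): a reader for a length-prefixed message that rejects a too-short length before doing unsigned arithmetic on it. The wire format, the names LEN_SIZE, HDR_SIZE, remaining_unchecked and read_message, and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed wire format (hypothetical): a uint16_t length in host byte order
 * that counts the whole message including itself, then fixed header fields,
 * then variable data. */
#define LEN_SIZE sizeof(uint16_t)
#define HDR_SIZE 8u /* constructed: length field plus fixed header fields */

/* "Bytes still to read" as computed without a length check. For
 * length < LEN_SIZE the unsigned subtraction wraps to a huge value. */
size_t remaining_unchecked(uint16_t length)
{
    return (size_t)length - LEN_SIZE;
}

/* Checked reader over an in-memory stream standing in for the socket.
 * Returns a heap copy of the message (caller frees) or NULL on reject. */
uint8_t *read_message(const uint8_t *stream, size_t avail, uint16_t *out_len)
{
    uint16_t length;
    uint8_t *msg;

    if (avail < LEN_SIZE) return NULL;  /* no complete length field */
    memcpy(&length, stream, LEN_SIZE);
    if (length < HDR_SIZE) return NULL; /* cannot hold the fixed header */
    if (length > avail) return NULL;    /* claims more than was received */
    msg = malloc(length);
    if (msg == NULL) return NULL;
    memcpy(msg, stream, LEN_SIZE);
    /* length >= HDR_SIZE > LEN_SIZE, so this subtraction cannot wrap */
    memcpy(msg + LEN_SIZE, stream + LEN_SIZE, length - LEN_SIZE);
    *out_len = length;
    return msg;
}

int main(void)
{
    uint8_t bad[LEN_SIZE]; /* constructed input: length field says 1 */
    uint16_t one = 1, got = 0;

    memcpy(bad, &one, LEN_SIZE);
    printf("unchecked remaining: %zu\n", remaining_unchecked(one));
    printf("checked reader: %s\n",
           read_message(bad, sizeof(bad), &got) ? "accepted" : "rejected");
    return 0;
}
```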
(from redmine: issue id 8954, created on 2018-05-31, closed on 2018-06-12)
- Relations:
- copied_to #8953 (closed)
- parent #8953 (closed)
- Changesets:
- Revision f48354fa on 2018-06-01T14:50:42Z:
main/strongswan: upgrade to 5.6.3
Add secfixes comments and sanitize patches.
Fixes #8954 #8928