Closed
Opened Sep 27, 2018 by Alicha CH (@alicha), Reporter

strongswan: Multiple vulnerabilities (CVE-2018-16151, CVE-2018-16152)

CVE-2018-16151: In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0,
the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification.
Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small
public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

References:

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://nvd.nist.gov/vuln/detail/CVE-2018-16151

Patches:

https://download.strongswan.org/patches/27_gmp_pkcs1_verify_patch/strongswan-5.3.1-5.6.0_gmp-pkcs1-verify.patch
https://download.strongswan.org/patches/27_gmp_pkcs1_verify_patch/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch

CVE-2018-16152: In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0,
the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature
verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to
impersonation when only an RSA signature is used for IKEv2 authentication.

References:

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16152

Patches:

https://download.strongswan.org/patches/27_gmp_pkcs1_verify_patch/strongswan-5.3.1-5.6.0_gmp-pkcs1-verify.patch
https://download.strongswan.org/patches/27_gmp_pkcs1_verify_patch/strongswan-5.6.1-5.6.3_gmp-pkcs1-verify.patch

(from redmine: issue id 9482, created on 2018-09-27, closed on 2018-10-04)
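
Both CVEs above come from parsing the decoded signature block and tolerating extra bytes. The sketch below is an added example, not strongSwan's code or the linked patch: it shows the encode-then-compare check from RFC 8017 section 8.2.2, which accepts exactly one byte string per digest. The function names, the fixed SHA-256 digest and the 512-byte limit are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefix for SHA-256 (RFC 8017): AlgorithmIdentifier with
 * NULL parameters, then the OCTET STRING header for a 32-byte digest. */
static const uint8_t SHA256_DI[19] = {
    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
    0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };
enum { HASH_LEN = 32, MAX_EM = 512 };   /* MAX_EM: assumed 4096-bit limit */

/* Build the single valid encoding 00 01 FF..FF 00 || DigestInfo || hash.
 * Returns 0 on success, -1 if em_len cannot hold at least 8 bytes of FF. */
int emsa_pkcs1_encode(uint8_t *em, size_t em_len, const uint8_t hash[HASH_LEN])
{
    const size_t t_len = sizeof(SHA256_DI) + HASH_LEN;
    if (em_len > MAX_EM || em_len < t_len + 11)
        return -1;
    const size_t ps_len = em_len - t_len - 3;
    em[0] = 0x00;
    em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(em + 3 + ps_len, SHA256_DI, sizeof(SHA256_DI));
    memcpy(em + 3 + ps_len + sizeof(SHA256_DI), hash, HASH_LEN);
    return 0;
}

/* em is the result of the RSA public operation, left-padded to the modulus
 * length. Nothing is parsed: any excess byte, wherever it sits, is a mismatch. */
int emsa_pkcs1_verify_strict(const uint8_t *em, size_t em_len,
                             const uint8_t hash[HASH_LEN])
{
    uint8_t expected[MAX_EM];
    if (emsa_pkcs1_encode(expected, em_len, hash) != 0)
        return 0;
    return memcmp(em, expected, em_len) == 0;
}

int main(void)
{
    /* Constructed sample data: an all-zero "digest" and a 2048-bit block. */
    uint8_t hash[HASH_LEN] = {0}, em[256], bad[256] = {0};
    emsa_pkcs1_encode(em, sizeof em, hash);
    emsa_pkcs1_encode(bad, 62, hash);   /* short padding, 194 excess bytes */
    printf("valid=%d excess=%d\n", emsa_pkcs1_verify_strict(em, sizeof em, hash),
           emsa_pkcs1_verify_strict(bad, sizeof bad, hash));
    return 0;
}
```

A regression test for a patched build can feed the same malformed blocks (altered parameters length, trailing bytes) to the verifier and require a rejection for each.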

  • Relations:
    • child #9483 (closed)
    • child #9484 (closed)
    • child #9485 (closed)
    • child #9486 (closed)
    • child #9487 (closed)
Reference: alpine/aports#9482