[ASA-201805-26] strongswan: denial of service

Christian Rebischke Chris.Rebischke at archlinux.org
Tue May 29 22:15:08 UTC 2018


Arch Linux Security Advisory ASA-201805-26
==========================================

Severity: Low
Date    : 2018-05-26
CVE-ID  : CVE-2018-5388
Package : strongswan
Type    : denial of service
Remote  : No
Link    : https://security.archlinux.org/AVG-710

Summary
=======

The package strongswan before version 5.6.2-2 is vulnerable to denial
of service.

Resolution
==========

Upgrade to 5.6.2-2.

# pacman -Syu "strongswan>=5.6.2-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

strongSwan VPN's charon server prior to version 5.6.3 is missing a
packet length check in stroke_socket.c, allowing a buffer overflow
which may lead to resource exhaustion and denial of service while
reading from the socket.
According to the vendor, an attacker must typically have local root
permissions to access the socket. However, other accounts and groups
such as the vpn group (if capability dropping in enabled, for example)
may also have sufficient permissions, but this configuration does not
appear to be the default behavior.

Impact
======

A local attacker with access to the VPN socket is able to crash the
service.

References
==========

https://bugs.archlinux.org/task/58719
https://www.kb.cert.org/vuls/id/338343
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
https://security.archlinux.org/CVE-2018-5388
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20180530/262caa5c/attachment.asc>


More information about the arch-security mailing list