[ASA-201805-26] strongswan: denial of service
Chris.Rebischke at archlinux.org
Tue May 29 22:15:08 UTC 2018
Arch Linux Security Advisory ASA-201805-26
Date : 2018-05-26
CVE-ID : CVE-2018-5388
Package : strongswan
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-710
The package strongswan before version 5.6.2-2 is vulnerable to denial
Upgrade to 5.6.2-2.
# pacman -Syu "strongswan>=5.6.2-2"
The problem has been fixed upstream but no release is available yet.
strongSwan VPN's charon server prior to version 5.6.3 is missing a
packet length check in stroke_socket.c, allowing a buffer overflow
which may lead to resource exhaustion and denial of service while
reading from the socket.
According to the vendor, an attacker must typically have local root
permissions to access the socket. However, other accounts and groups
such as the vpn group (if capability dropping in enabled, for example)
may also have sufficient permissions, but this configuration does not
appear to be the default behavior.
A local attacker with access to the VPN socket is able to crash the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the arch-security