GLSA-200406-20 : FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling

critical Nessus Plugin ID 14531

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200406-20 (FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling)

All these IPsec implementations have several bugs in the verify_x509cert() function, which performs certificate validation, that make them vulnerable to malicious PKCS#7 wrapped objects.

Impact:

With a carefully crafted certificate payload, an attacker can successfully authenticate against FreeS/WAN, Openswan, strongSwan or Super-FreeS/WAN, or make the daemon go into an endless loop.

Workaround:

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version.

Solution

All FreeS/WAN 1.9x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '=net-misc/freeswan-1.99-r1'
    # emerge '=net-misc/freeswan-1.99-r1'

All FreeS/WAN 2.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/freeswan-2.04-r1'
    # emerge '>=net-misc/freeswan-2.04-r1'

All Openswan 1.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '=net-misc/openswan-1.0.6_rc1'
    # emerge '=net-misc/openswan-1.0.6_rc1'

All Openswan 2.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/openswan-2.1.4'
    # emerge '>=net-misc/openswan-2.1.4'

All strongSwan users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/strongswan-2.1.3'
    # emerge '>=net-misc/strongswan-2.1.3'

All Super-FreeS/WAN users should migrate to the latest stable version of Openswan. Note that Portage will force a move for Super-FreeS/WAN users to Openswan.

    # emerge sync
    # emerge -pv '=net-misc/openswan-1.0.6_rc1'
    # emerge '=net-misc/openswan-1.0.6_rc1'

See Also

https://lists.openswan.org/pipermail/dev/2004-June/000370.html

https://security.gentoo.org/glsa/200406-20

Plugin Details

Severity: Critical

ID: 14531

File Name: gentoo_GLSA-200406-20.nasl

Version: 1.18

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:freeswan, p-cpe:/a:gentoo:linux:openswan, p-cpe:/a:gentoo:linux:strongswan, p-cpe:/a:gentoo:linux:super-freeswan, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 6/25/2004

Reference Information

CVE: CVE-2004-0590

GLSA: 200406-20