GLSA-200406-20 : FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200406-20
(FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling)

All these IPsec implementations have several bugs in the
verify_x509cert() function, which performs certificate validation, that
make them vulnerable to malicious PKCS#7-wrapped objects.

Impact :

With a carefully crafted certificate payload, an attacker can
successfully authenticate against FreeS/WAN, Openswan, strongSwan or
Super-FreeS/WAN, or make the daemon go into an endless loop.

Workaround :

There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version.

See also :

http://lists.openswan.org/pipermail/dev/2004-June/000370.html
http://www.gentoo.org/security/en/glsa/glsa-200406-20.xml

Solution :

All FreeS/WAN 1.9x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '=net-misc/freeswan-1.99-r1'
    # emerge '=net-misc/freeswan-1.99-r1'

All FreeS/WAN 2.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/freeswan-2.04-r1'
    # emerge '>=net-misc/freeswan-2.04-r1'

All Openswan 1.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '=net-misc/openswan-1.0.6_rc1'
    # emerge '=net-misc/openswan-1.0.6_rc1'

All Openswan 2.x users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/openswan-2.1.4'
    # emerge '>=net-misc/openswan-2.1.4'

All strongSwan users should upgrade to the latest stable version:

    # emerge sync
    # emerge -pv '>=net-misc/strongswan-2.1.3'
    # emerge '>=net-misc/strongswan-2.1.3'

All Super-FreeS/WAN users should migrate to the latest stable version
of Openswan. Note that Portage will force a move for Super-FreeS/WAN
users to Openswan.

    # emerge sync
    # emerge -pv '=net-misc/openswan-1.0.6_rc1'
    # emerge '=net-misc/openswan-1.0.6_rc1'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14531 (gentoo_GLSA-200406-20.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0590