Detections
Analytics
FreeBSD : strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388) (7fc3e827-64a5-11e8-aedb-00224d821998)
high Nessus Plugin ID 110274
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
strongSwan security team reports :- A denial-of-service vulnerability in the IKEv2 key derivation was fixed if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (which is not FIPS-compliant). So this should only affect very specific setups, but in such configurations all strongSwan versions since 5.0.1 may be affected.
- A denial-of-service vulnerability in the stroke plugin was fixed.
When reading a message from the socket the plugin did not check the received length. Unless a group is configured, root privileges are required to access that socket, so in the default configuration this shouldn't be an issue, but all strongSwan versions may be affected.
Solution
Update the affected package.See Also
http://www.nessus.org/u?91d4b518
Plugin Details
Severity: High
ID: 110274
File Name: freebsd_pkg_7fc3e82764a511e8aedb00224d821998.nasl
Version: 1.7
Type: local
Family: FreeBSD Local Security Checks
Published: 6/1/2018
Updated: 9/26/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2018-10811
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:strongswan, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/31/2018
Vulnerability Publication Date: 5/16/2018
Reference Information
CVE: CVE-2018-10811, CVE-2018-5388