From ${URL} :

Description

A vulnerability has been reported in strongSwan, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "is_asn1()" function (libstrongswan/asn1/asn1.c) when handling XAuth usernames and EAP identities and can be exploited to cause a crash via specially crafted requests.

The vulnerability is reported in versions prior to 5.1.0.

Solution: Update to version 5.1.0 or apply patch.

Further details available to Secunia VIM customers

Provided and/or discovered by: Ewan Smythe in a bug report.

Original Advisory:
strongSwan:
http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html
http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html
Ewan Smythe:
https://lists.strongswan.org/pipermail/users/2013-July/009540.html

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Bumped to 5.1.0 - please stabilize ASAP :-)
All right then. Arches, please stabilize =net-misc/strongswan-5.1.0, target arches amd64 arm ppc x86. Thanks!
amd64 stable
ppc stable
x86 stable
arm stable
GLSA vote: yes
GLSA vote: yes (since we're issuing a strongswan advisory already), added to GLSA request.
CVE-2013-5018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5018): The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.
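The missing return-value check described in the CVE text above, sketched as an added example (not strongSwan's code and not part of this bug report): a length parser that returns an error sentinel, and a caller that tests the sentinel before doing any arithmetic on it. The names `der_length`, `looks_like_der` and `INVALID_LEN`, the four-octet length limit and the tolerated trailing newline are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INVALID_LEN SIZE_MAX   /* hypothetical error sentinel */

/* Parse tag + DER length at the start of buf. On success return the content
 * length and store the header size in *hdr; otherwise return INVALID_LEN. */
static size_t der_length(const uint8_t *buf, size_t n, size_t *hdr)
{
    if (buf == NULL || n < 2)
        return INVALID_LEN;
    uint8_t first = buf[1];
    if ((first & 0x80) == 0) {           /* short form: 0..127 */
        *hdr = 2;
        return first;
    }
    size_t count = first & 0x7f;         /* long form: number of length octets */
    if (count == 0 || count > sizeof(uint32_t) || n - 2 < count)
        return INVALID_LEN;              /* indefinite, too wide, or truncated */
    size_t len = 0;
    for (size_t i = 0; i < count; i++)
        len = (len << 8) | buf[2 + i];
    *hdr = 2 + count;
    return len;
}

/* True if buf is exactly one OCTET STRING/SEQUENCE/SET, optionally plus '\n'. */
bool looks_like_der(const uint8_t *buf, size_t n)
{
    if (buf == NULL || n == 0)
        return false;
    if (buf[0] != 0x04 && buf[0] != 0x30 && buf[0] != 0x31)
        return false;
    size_t hdr = 0;
    size_t len = der_length(buf, n, &hdr);
    if (len == INVALID_LEN)              /* test the sentinel before any arithmetic */
        return false;
    size_t rest = n - hdr;               /* der_length guarantees hdr <= n */
    if (len == rest)
        return true;
    /* subtract on the bounded side instead of computing len + 1, which can wrap */
    return rest > 0 && len == rest - 1 && buf[n - 1] == '\n';
}

int main(void)
{   /* constructed input: tag 0x30 with a declared length far beyond the buffer */
    const uint8_t crafted[] = {0x30, 0x84, 0xff, 0xff, 0xff, 0xff};
    printf("crafted accepted: %d\n", looks_like_der(crafted, sizeof crafted));
    return 0;
}
```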
This issue was resolved and addressed in GLSA 201309-02 at http://security.gentoo.org/glsa/glsa-201309-02.xml by GLSA coordinator Chris Reffett (creffett).