| Summary: | <net-misc/strongswan-5.1.0: "is_asn1()" XAuth Username and EAP Identity Handling Denial of Service Vulnerability (CVE-2013-5018) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | gurligebis, patrick |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/54315/ | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 477502 | ||
Bumped to 5.1.0 - please stabilize ASAP :-)

All right then. Arches, please stabilize =net-misc/strongswan-5.1.0, target arches amd64 arm ppc x86. Thanks!

amd64 stable

ppc stable

x86 stable

arm stable

GLSA vote: yes

GLSA vote: yes (since we're issuing a strongswan advisory already), added to GLSA request.

CVE-2013-5018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5018): The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentation fault) via a (1) XAuth username, (2) EAP identity, or (3) PEM encoded file that starts with a 0x04, 0x30, or 0x31 character followed by an ASN.1 length value that triggers an integer overflow.

This issue was resolved and addressed in GLSA 201309-02 at http://security.gentoo.org/glsa/glsa-201309-02.xml by GLSA coordinator Chris Reffett (creffett).

From ${URL} :

Description

A vulnerability has been reported in strongSwan, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "is_asn1()" function (libstrongswan/asn1/asn1.c) when handling XAuth usernames and EAP identities and can be exploited to cause a crash via specially crafted requests.

The vulnerability is reported in versions prior to 5.1.0.

Solution: Update to version 5.1.0 or apply patch.

Further details available to Secunia VIM customers

Provided and/or discovered by: Ewan Smythe in a bug report.

Original Advisory:

strongSwan:
http://strongswan.org/blog/2013/08/01/strongswan-5.1.0-released.html
http://strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html

Ewan Smythe:
https://lists.strongswan.org/pipermail/users/2013-July/009540.html

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
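
An added example, not strongSwan's code and not part of this bug report: a C sketch of the kind of check the CVE-2013-5018 description says was missing, where the result of a length parser is validated before anything is computed from it. The names `der_length`, `looks_like_der` and `DER_INVALID_LENGTH`, the 4-octet limit and the exact-fit rule are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical sentinel for "length field is unusable". */
#define DER_INVALID_LENGTH ((size_t)-1)

/* Parse the length field after the tag byte. Returns the content length and
 * sets *hdr to the header size, or DER_INVALID_LENGTH if the field is
 * truncated, indefinite, wider than 4 octets, or larger than what is left. */
static size_t der_length(const uint8_t *buf, size_t len, size_t *hdr)
{
    if (len < 2)
        return DER_INVALID_LENGTH;
    if (!(buf[1] & 0x80)) {                    /* short form: one octet */
        *hdr = 2;
        return buf[1] <= len - 2 ? buf[1] : DER_INVALID_LENGTH;
    }
    size_t n = buf[1] & 0x7f;                  /* long form: n length octets */
    if (n == 0 || n > 4 || n > len - 2)
        return DER_INVALID_LENGTH;
    size_t value = 0;
    for (size_t i = 0; i < n; i++)
        value = (value << 8) | buf[2 + i];
    *hdr = 2 + n;
    /* Compare against the bytes left; never add to an untrusted length. */
    return value <= len - *hdr ? value : DER_INVALID_LENGTH;
}

/* Heuristic: does this blob (username, identity, file body) look like DER? */
static bool looks_like_der(const uint8_t *buf, size_t len)
{
    size_t hdr = 0;
    if (len == 0 || (buf[0] != 0x04 && buf[0] != 0x30 && buf[0] != 0x31))
        return false;
    size_t content = der_length(buf, len, &hdr);
    if (content == DER_INVALID_LENGTH)         /* check the result before use */
        return false;
    return hdr + content == len;               /* safe: content <= len - hdr */
}

int main(void)
{
    /* Constructed sample: tag 0x04 claiming 4096 content bytes, 2 present. */
    const uint8_t bad[] = { 0x04, 0x82, 0x10, 0x00, 'x', 'y' };
    return looks_like_der(bad, sizeof bad) ? 1 : 0;   /* exits 0: rejected */
}
```

A plain-text identity that merely begins with one of the three tag bytes (for example a username starting with the character `0`, which is 0x30) is rejected by the same sentinel check rather than being measured against a bogus length.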