| Summary: | <net-misc/strongswan-5.3.4: Authentication bypass in eap-mschapv2 plugin (CVE-2015-8023) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | gurligebis, patrick |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1283219 | ||
| Whiteboard: | B4 [noglsa/cve] | ||
| Package list: | Runtime testing required: | --- | |
Do go ahead and stabilize 5.3.4 :-) Thanks. net-misc/strongswan-5.3.4 Arches, please test and mark stable: =net-misc/strongswan-5.3.4 Target Keywords : "amd64 arm ppc x86" Thank you! amd64 stable arm stable ppc stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Old version removed. Arches and Maintainer(s), Thank you for your work. GLSA Vote: No Thank you all. Closing as noglsa. |
From ${URL} : A vulnerability in eap-mschapv2 plugin allowing a malicious client to trick the server into successfully concluding the authentication without providing valid credential. The problem is caused by insufficient verification of the local state in the server implementation of the EAP-MSCHAPv2 protocol. In fact, the client can simply send the last message in the EAP-MSCHAPv2 protocol (an empty Success message) as response to the server's initial Challenge message to pass the authentication successfully. Affected are IKEv2 connections that use EAP-MSCHAPv2 to authenticate clients via eap-mschapv2 plugin. Affected are all strongswan versions 4.2.12, up to and including 5.3.3. Upstream patch: https://download.strongswan.org/security/CVE-2015-8023/ External reference: https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.