818841 – (CVE-2021-41991) <net-vpn/strongswan-5.9.4: integer overflow (CVE-2021-41991)

Bug 818841 (CVE-2021-41991) - <net-vpn/strongswan-5.9.4: integer overflow (CVE-2021-41991)

Summary: <net-vpn/strongswan-5.9.4: integer overflow (CVE-2021-41991)

Status:	IN_PROGRESS

Alias:	CVE-2021-41991

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.strongswan.org/blog/2021/...
Whiteboard:	B2 [glsa?]
Keywords:	PullRequest

Depends on:	830060
Blocks:
	Show dependency tree

Reported:	2021-10-18 19:46 UTC by John Helmert III
Modified:	2023-01-06 17:45 UTC (History)
CC List:	4 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/23573
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-10-18 19:46:47 UTC

CVE-2021-41991:

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

Comment 1 Larry the Git Cow gentoo-dev

2022-01-02 14:15:52 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b2be9c86d3a38312e787a30291c46e30b2da3bb

commit 7b2be9c86d3a38312e787a30291c46e30b2da3bb
Author:     Philipp Rösner <rndxelement@protonmail.com>
AuthorDate: 2021-12-29 22:46:06 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-01-02 14:15:30 +0000

    net-vpn/strongswan: bump to 5.9.4
    
    Added an ebuild for strongswan-5.9.4 with support for EAPI 8.
    
    Bug: https://bugs.gentoo.org/818841
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Philipp Roesner <rndxelement@protonmail.com>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 net-vpn/strongswan/Manifest                |   1 +
 net-vpn/strongswan/strongswan-5.9.4.ebuild | 308 +++++++++++++++++++++++++++++
 2 files changed, 309 insertions(+)

Comment 2 John Helmert III archtester

2022-08-16 21:17:42 UTC

I'm sorry I missed this, but thank you for the bump! Please cleanup remaining vulnerable ebuilds.

Comment 3 Larry the Git Cow gentoo-dev

2023-01-06 17:45:37 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7387260e58f7f39705fa2c03024201eee834e8e9

commit 7387260e58f7f39705fa2c03024201eee834e8e9
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2023-01-06 17:43:24 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-06 17:43:34 +0000

    net-vpn/strongswan: drop 5.9.6-r1, 5.9.7
    
    Bug: https://bugs.gentoo.org/818841
    Bug: https://bugs.gentoo.org/832460
    Bug: https://bugs.gentoo.org/878887
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-vpn/strongswan/Manifest                        |   2 -
 .../files/strongswan-5.9.6-werror-security.patch   |  20 --
 net-vpn/strongswan/strongswan-5.9.6-r1.ebuild      | 322 ---------------------
 net-vpn/strongswan/strongswan-5.9.7.ebuild         | 318 --------------------
 4 files changed, 662 deletions(-)