899964 – (CVE-2023-26463) <net-vpn/strongswan-5.9.10: denial of service but possibly even remote code execution

Bug 899964 (CVE-2023-26463) - <net-vpn/strongswan-5.9.10: denial of service but possibly even remote code execution

Summary: <net-vpn/strongswan-5.9.10: denial of service but possibly even remote code e...

Status:	IN_PROGRESS

Alias:	CVE-2023-26463

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.strongswan.org/blog/2023/...
Whiteboard:	B2 [glsa]
Keywords:

Depends on:	904537
Blocks:
	Show dependency tree

Reported:	2023-03-06 21:51 UTC by Conrad Kostecki
Modified:	2024-04-07 06:44 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Conrad Kostecki gentoo-dev

2023-03-06 21:51:54 UTC

strongSwan Vulnerability (CVE-2023-26463)

A vulnerability related to certificate verification in TLS-based EAP methods was discovered in strongSwan that results in a denial of service but possibly even remote code execution. Versions 5.9.8 and 5.9.9 may be affected.

A user publicly reported a bug related certificate verification in TLS-based EAP methods that leads to an authentication bypass followed by an expired pointer dereference that results in a denial of service but possibly even remote code execution.

Fixed by 5.9.10 release:
https://www.strongswan.org/blog/2023/03/02/strongswan-5.9.10-released.html

Comment 1 Larry the Git Cow gentoo-dev

2023-03-14 23:14:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e946ce4d76ece04b512661469ce5550e1d505ae5

commit e946ce4d76ece04b512661469ce5550e1d505ae5
Author:     Dennis Eisele <kernlpanic@dennis-eisele.de>
AuthorDate: 2023-03-04 13:33:08 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2023-03-14 23:12:01 +0000

    net-vpn/strongswan: version bump to 5.9.10
    
    Bug: https://bugs.gentoo.org/899964
    Signed-off-by: Dennis Eisele <kernlpanic@dennis-eisele.de>
    Closes: https://github.com/gentoo/gentoo/pull/29924
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-vpn/strongswan/Manifest                 |   1 +
 net-vpn/strongswan/strongswan-5.9.10.ebuild | 318 ++++++++++++++++++++++++++++
 2 files changed, 319 insertions(+)

Comment 2 John Helmert III archtester

2023-04-19 04:11:51 UTC

Thanks!

Comment 3 Hans de Graaff gentoo-dev

2023-10-08 10:41:37 UTC

Ping. Please clean up vulnerable versions 5.9.8 and 5.9.9.

Comment 4 Larry the Git Cow gentoo-dev

2023-10-08 21:51:48 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=328181b0a39b56600ebba16a15ab14e3e4954b85

commit 328181b0a39b56600ebba16a15ab14e3e4954b85
Author:     Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2023-10-08 21:50:15 +0000
Commit:     Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2023-10-08 21:51:41 +0000

    net-vpn/strongswan: drop 5.9.8, 5.9.9, 5.9.10
    
    Bug: https://bugs.gentoo.org/899964
    Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 net-vpn/strongswan/Manifest                 |   3 -
 net-vpn/strongswan/strongswan-5.9.10.ebuild | 318 ----------------------------
 net-vpn/strongswan/strongswan-5.9.8.ebuild  | 318 ----------------------------
 net-vpn/strongswan/strongswan-5.9.9.ebuild  | 318 ----------------------------
 4 files changed, 957 deletions(-)