Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.704309 |
Kategorie: | Debian Local Security Checks |
Titel: | Debian Security Advisory DSA 4309-1 (strongswan - security update) |
Zusammenfassung: | Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the;patch that fixes CVE-2018-16151 and CVE-2018-16151;(DSA-4305-1).;;An attacker could trigger it using crafted certificates with RSA keys with;very small moduli. Verifying signatures with such keys would cause an integer;underflow and subsequent heap buffer overflow resulting in a crash of the;daemon. While arbitrary code execution is not completely ruled out because of;the heap buffer overflow, due to the form of the data written to the buffer;it seems difficult to actually exploit it in such a way. |
Beschreibung: | Summary: Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resulting in a crash of the daemon. While arbitrary code execution is not completely ruled out because of the heap buffer overflow, due to the form of the data written to the buffer it seems difficult to actually exploit it in such a way. Affected Software/OS: strongswan on Debian Linux Solution: For the stable distribution (stretch), this problem has been fixed in version 5.5.1-4+deb9u4. We recommend that you upgrade your strongswan packages. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-16151 Common Vulnerability Exposure (CVE) ID: CVE-2018-17540 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |