
Test ID: 1.3.6.1.4.1.25623.1.0.704309
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 4309-1 (strongswan - security update)
Description:
Summary:
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the
patch that fixes CVE-2018-16151 and CVE-2018-16151
(DSA-4305-1).

An attacker could trigger it using crafted certificates with RSA keys with
very small moduli. Verifying signatures with such keys would cause an integer
underflow and subsequent heap buffer overflow resulting in a crash of the
daemon. While arbitrary code execution is not completely ruled out because of
the heap buffer overflow, due to the form of the data written to the buffer
it seems difficult to actually exploit it in such a way.

Affected Software/OS:
strongswan on Debian Linux

Solution:
For the stable distribution (stretch), this problem has been fixed in
version 5.5.1-4+deb9u4.

We recommend that you upgrade your strongswan packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-16151
Common Vulnerability Exposure (CVE) ID: CVE-2018-17540
Copyright: Copyright (C) 2018 Greenbone Networks GmbH
