[ASA-201805-26] strongswan: denial of service

2018-05-26 00:00:00
security.archlinux.org

CVSS3 : 6.5 Medium
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : LOW
User Interaction : NONE
Scope : UNCHANGED
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : HIGH
Vector : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2 : 4 Medium
Access Vector : NETWORK
Access Complexity : LOW
Authentication : SINGLE
Confidentiality Impact : NONE
Integrity Impact : NONE
Availability Impact : PARTIAL
Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS : 0.006 Low
Percentile : 77.6%

Arch Linux Security Advisory ASA-201805-26

Severity: Low
Date : 2018-05-26
CVE-ID : CVE-2018-5388
Package : strongswan
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-710

Summary

The package strongswan before version 5.6.2-2 is vulnerable to denial
of service.

Resolution

Upgrade to 5.6.2-2.

pacman -Syu "strongswan>=5.6.2-2"

The problem has been fixed upstream but no release is available yet.

Workaround

None.

Description

strongSwan VPN’s charon server prior to version 5.6.3 is missing a
packet length check in stroke_socket.c, allowing a buffer overflow
which may lead to resource exhaustion and denial of service while
reading from the socket.
According to the vendor, an attacker must typically have local root
permissions to access the socket. However, other accounts and groups
such as the vpn group (if capability dropping is enabled, for example)
may also have sufficient permissions, but this configuration does not
appear to be the default behavior.
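
The bug class described above, as an added example (not strongSwan's code and not part of the advisory): a reader for a length-prefixed message that rejects an announced length smaller than its own header, next to the unchecked subtraction that wraps. The wire format, `MAX_MSG` and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed wire format (hypothetical, for illustration): a 16-bit
 * host-order length counting the whole message, header included,
 * followed by the payload. */
#define HDR_LEN sizeof(uint16_t)
#define MAX_MSG 4096u /* illustrative upper bound */

/* "Bytes still to read" as an unchecked reader computes it. For
 * len < HDR_LEN the unsigned subtraction wraps to a huge value. */
size_t remaining_unchecked(uint16_t len)
{
    return (size_t)len - HDR_LEN;
}

/* Hardened reader: checks the announced length against the header size,
 * an upper bound, the bytes available and the output buffer before
 * copying. Returns the payload length, or -1 if the message is rejected. */
long read_msg_checked(const uint8_t *in, size_t in_len,
                      uint8_t *out, size_t out_cap)
{
    uint16_t len;

    if (in_len < HDR_LEN)
        return -1; /* truncated header */
    memcpy(&len, in, HDR_LEN);
    if (len < HDR_LEN || len > MAX_MSG)
        return -1; /* minimum/maximum length check */
    if (len > in_len || len - HDR_LEN > out_cap)
        return -1; /* short input or undersized buffer */
    memcpy(out, in + HDR_LEN, len - HDR_LEN);
    return (long)(len - HDR_LEN);
}

int main(void)
{
    /* Constructed input: a header announcing a 1-byte message. */
    uint16_t len = 1;
    uint8_t msg[HDR_LEN], out[16];

    memcpy(msg, &len, HDR_LEN);
    printf("unchecked remaining: %zu\n", remaining_unchecked(len));
    printf("checked reader: %ld\n",
           read_msg_checked(msg, sizeof(msg), out, sizeof(out)));
    return 0;
}
```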

Impact

A local attacker with access to the VPN socket is able to crash the
service.

References

https://bugs.archlinux.org/task/58719
https://www.kb.cert.org/vuls/id/338343
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
https://security.archlinux.org/CVE-2018-5388

OS         Version  Architecture  Package     Version    Filename
ArchLinux  any      any           strongswan  < 5.6.2-2  UNKNOWN