CERT VU:338343
History: May 23, 2018 - 12:00 a.m.

strongSwan VPN charon server vulnerable to buffer underflow

2018-05-23 00:00:00
www.kb.cert.org

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS2: 4 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

EPSS: 0.006 Low
Percentile: 77.6%

Overview

strongSwan VPN’s charon server prior to version 5.6.3 does not check packet length and may allow buffer underflow, resulting in denial of service.

Description

CWE-124: Buffer Underwrite (‘Buffer Underflow’) - CVE-2018-5388

In stroke_socket.c, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

According to the vendor, an attacker must typically have local root permissions to access the socket. Other accounts and groups, such as the vpn group (if capability dropping is enabled, for example), may also have sufficient permissions, but this configuration does not appear to be the default behavior.
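
The class of defect described above, shown as an added example (this is not strongSwan's code and not part of the original advisory): a reader for an assumed length-prefixed framing, where a declared length smaller than its own header wraps in unsigned arithmetic, next to the minimum-length check that rejects it. The framing, function names and error codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed framing (not strongSwan's): a 16-bit host-order total length
 * that counts the length field itself, followed by the body. */
#define HDR_SIZE sizeof(uint16_t)

enum { MSG_OK = 0, MSG_TRUNCATED = -1, MSG_BAD_LENGTH = -2, MSG_TOO_BIG = -3 };

/* Missing-check arithmetic: for declared < HDR_SIZE the unsigned
 * subtraction wraps to a value near SIZE_MAX instead of going negative. */
static size_t body_len_unchecked(uint16_t declared)
{
    return (size_t)declared - HDR_SIZE;
}

/* Hardened reader over an in-memory buffer standing in for the socket. */
static int read_msg(const uint8_t *in, size_t in_len,
                    uint8_t *body, size_t body_cap, size_t *body_len)
{
    uint16_t declared;

    if (in_len < HDR_SIZE)
        return MSG_TRUNCATED;
    memcpy(&declared, in, HDR_SIZE);
    if (declared < HDR_SIZE)            /* minimum-length check */
        return MSG_BAD_LENGTH;
    if (declared > in_len)              /* fewer bytes present than declared */
        return MSG_TRUNCATED;
    if (declared - HDR_SIZE > body_cap) /* safe: declared >= HDR_SIZE here */
        return MSG_TOO_BIG;
    *body_len = declared - HDR_SIZE;
    memcpy(body, in + HDR_SIZE, *body_len);
    return MSG_OK;
}

int main(void)
{
    uint8_t bad[2], body[16];           /* constructed input: declared length 1 */
    uint16_t one = 1;
    size_t n = 0;

    memcpy(bad, &one, sizeof(one));
    printf("unchecked body length: %zu\n", body_len_unchecked(one));
    printf("hardened reader returns: %d\n",
           read_msg(bad, sizeof(bad), body, sizeof(body), &n));
    return 0;
}
```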


Impact

A remote attacker with local user credentials (possibly a normal user in the vpn group, or root) may be able to underflow the buffer and cause a denial of service.


Solution

Apply an update

strongSwan versions 5.6.3 and above contain a patch for this issue.


Vendor Information


SUSE Linux: Affected
Notified: May 23, 2018. Updated: May 24, 2018. Statement Date: May 24, 2018.
Vendor Statement: We have not received a statement from the vendor.
Vendor Information: An updated version of strongSwan is expected to become available shortly. Further details can be read in the advisory.

strongSwan: Affected
Notified: March 21, 2018. Updated: May 24, 2018.
Vendor Statement: We have not received a statement from the vendor.
Vendor Information: strongSwan versions 5.6.3 and above contain a patch for this issue.

The following vendors have status Unknown. Each was notified on May 23, 2018 and last updated on May 23, 2018, and each carries the same vendor statement: "We have not received a statement from the vendor."

ASP Linux
Alpine Linux
Arch Linux
Arista Networks, Inc.
CentOS
CoreOS
Debian GNU/Linux
ENEA
Fedora Project
Geexbox
Gentoo Linux
HomeSeer
Micro Focus
MontaVista Software, Inc.
Openwall GNU/*/Linux
Red Hat, Inc.
Slackware Linux Inc.
Tizen
Turbolinux
Ubuntu

CVSS Metrics

Group          Score  Vector
Base           4.9    AV:N/AC:H/Au:S/C:N/I:N/A:C
Temporal       3.8    E:POC/RL:OF/RC:C
Environmental  3.9    CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

Acknowledgements

Thanks to Kevin Backhouse of Semmle Ltd. for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2018-5388
Date Public: 2018-05-22 Date First Published:
