ID DEBIAN_DSA-3398.NASL Type nessus Reporter Tenable Modified 2016-04-28T00:00:00
Description
Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.
Due to insufficient validation of its local state, the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without the client providing valid credentials.
Such attacks can be recognized by looking at the server logs.
The following log message appears during the client authentication:
EAP method EAP_MSCHAPV2 succeeded, no MSK established
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3398. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
# Registration phase: when `description` is set the script only declares the
# metadata below and then leaves through exit(0), before any package check
# further down is reached.
if (description)
{
  # Plugin identity and revision stamps.
  script_id(86888);
  script_version("$Revision: 2.3 $");
  script_cvs_date("$Date: 2016/04/28 18:33:24 $");

  # Cross-references linking this check to the CVE, the OSVDB entry and the
  # Debian advisory it was derived from.
  script_cve_id("CVE-2015-8023");
  script_osvdb_id(130318);
  script_xref(name:"DSA", value:"3398");

  script_name(english:"Debian DSA-3398-1 : strongswan - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security-related update.");

  # Advisory text. Its last line is the server log message the advisory
  # names as the sign of a bypass; it is the indicator to search for in the
  # logs of any host this plugin reports.
  script_set_attribute(attribute:"description", value:
"Tobias Brunner found an authentication bypass vulnerability in
strongSwan, an IKE/IPsec suite.
Due to insufficient validation of its local state the server
implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin
can be tricked into successfully concluding the authentication without
providing valid credentials.
It's possible to recognize such attacks by looking at the server logs.
The following log message would be seen during the client
authentication :
EAP method EAP_MSCHAPV2 succeeded, no MSK established"
  );

  # Reference links: the two source-package pages and the advisory itself.
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/strongswan");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/jessie/strongswan");
  script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2015/dsa-3398");

  # Remediation text: the fixed versions named here are the same reference
  # versions the package checks below compare against.
  script_set_attribute(attribute:"solution", value:
"Upgrade the strongswan packages.
For the oldstable distribution (wheezy), this problem has been fixed
in version 4.5.2-1.5+deb7u8.
For the stable distribution (jessie), this problem has been fixed in
version 5.2.1-6+deb8u2."
  );

  # CVSS v2 base vector: network attack vector, low complexity, no
  # authentication required, partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  # CVSS v2 temporal vector: functional exploit (E:F), official fix (RL:OF),
  # report confidence not defined (RC:ND).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # Declared as a local check; the CPE entries name the strongswan package
  # and the two Debian releases covered.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:strongswan");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  # The check needs the knowledge-base keys listed here; presumably
  # ssh_get_info.nasl is the script that fills them in (confirm there).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Preconditions, evaluated in this order: local checks must be enabled, the
# host must have been identified as Debian, and a dpkg package listing must
# be present in the knowledge base. Each missing item is reported through
# audit() with its own reason code (audit() comes from audit.inc and
# presumably ends the script; confirm there).
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/Debian/release"))
{
  audit(AUDIT_OS_NOT, "Debian");
}
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}
# flag counts the packages for which deb_check() returns true. deb_check()
# comes from debian_package.inc; presumably it reports a package whose
# installed version is older than `reference` (confirm there).
#
# Only package versions are compared here. Nothing in this script looks at
# the strongSwan configuration, so a finding does not show whether the
# eap-mschapv2 plugin is actually in use on the host.
flag = 0;

# Debian 7.0 (wheezy): packages fixed in 4.5.2-1.5+deb7u8.
wheezy_fixed_version = "4.5.2-1.5+deb7u8";
wheezy_packages = make_list(
  "libstrongswan",
  "strongswan",
  "strongswan-dbg",
  "strongswan-ikev1",
  "strongswan-ikev2",
  "strongswan-nm",
  "strongswan-starter"
);
foreach package_name (wheezy_packages)
{
  if (deb_check(release:"7.0", prefix:package_name, reference:wheezy_fixed_version)) flag++;
}

# Debian 8.0 (jessie): packages fixed in 5.2.1-6+deb8u2.
jessie_fixed_version = "5.2.1-6+deb8u2";
jessie_packages = make_list(
  "charon-cmd",
  "libcharon-extra-plugins",
  "libstrongswan",
  "libstrongswan-extra-plugins",
  "libstrongswan-standard-plugins",
  "strongswan",
  "strongswan-charon",
  "strongswan-dbg",
  "strongswan-ike",
  "strongswan-ikev1",
  "strongswan-ikev2",
  "strongswan-libcharon",
  "strongswan-nm",
  "strongswan-starter"
);
foreach package_name (jessie_packages)
{
  if (deb_check(release:"8.0", prefix:package_name, reference:jessie_fixed_version)) flag++;
}
# Outcome: with no flagged package the host is audited as not affected;
# otherwise a warning-level finding is raised on port 0. The per-package
# detail from deb_report_get() is attached only when report_verbosity is
# above zero.
if (!flag)
{
  audit(AUDIT_HOST_NOT, "affected");
}
else
{
  if (report_verbosity > 0)
  {
    security_warning(port:0, extra:deb_report_get());
  }
  else
  {
    security_warning(0);
  }
  exit(0);
}
{"hash": "7f88471abff4d6bd3fe0ff03c398e1030a86c94a7ec4ea835a000a3228c2bd9a", "naslFamily": "Debian Local Security Checks", "id": "DEBIAN_DSA-3398.NASL", "lastseen": "2017-10-29T13:33:57", "viewCount": 2, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "e59858b0726516c0578417cc05f21e73", "key": "cpe"}, {"hash": "56f43625de86e9aac657ce68c9bd65a9", "key": "cvelist"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "d23fb3b22d921dc08a69be64bd2dca46", "key": "description"}, {"hash": "ab36959c0dc2c37ef61aa0918d8d8386", "key": "href"}, {"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}, {"hash": "894b53e0119e515f0f1128a38aac3e66", "key": "pluginID"}, {"hash": "793ca65a1c0bd7630198bb8d1c89c89b", "key": "published"}, {"hash": "a26803858e73ec35b04b0f79276377f5", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "11c25a2f272a8f822ca5ae3ccb0aee28", "key": "sourceData"}, {"hash": "1a92e68a45b0c399a9d509ec7b75d439", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "edition": 2, "enchantments": {"vulnersScore": 7.5}, "type": "nessus", "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP 
method EAP_MSCHAPV2 succeeded, no MSK established", "title": "Debian DSA-3398-1 : strongswan - security update", "history": [{"bulletin": {"hash": "35db993f0d642250c0181ba800f014e955e9ea78f73be538d3c9032056a2ba02", "naslFamily": "Debian Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:23:22", "enchantments": {}, "hashmap": [{"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "d23fb3b22d921dc08a69be64bd2dca46", "key": "description"}, {"hash": "894b53e0119e515f0f1128a38aac3e66", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "a26803858e73ec35b04b0f79276377f5", "key": "references"}, {"hash": "ab36959c0dc2c37ef61aa0918d8d8386", "key": "href"}, {"hash": "56f43625de86e9aac657ce68c9bd65a9", "key": "cvelist"}, {"hash": "11c25a2f272a8f822ca5ae3ccb0aee28", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1a92e68a45b0c399a9d509ec7b75d439", "key": "title"}, {"hash": "793ca65a1c0bd7630198bb8d1c89c89b", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "DEBIAN_DSA-3398.NASL", "type": "nessus", "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "viewCount": 2, "title": 
"Debian DSA-3398-1 : strongswan - security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2015-8023"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:33:24 $\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_osvdb_id(130318);\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif 
(deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, 
extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2015-11-17T00:00:00", "pluginID": "86888", "references": ["https://packages.debian.org/source/jessie/strongswan", "http://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "reporter": "Tenable", "modified": "2016-04-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888"}, "lastseen": "2016-09-26T17:23:22", "edition": 1, "differentElements": ["cpe"]}], "objectVersion": "1.3", "cvelist": ["CVE-2015-8023"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:33:24 $\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_osvdb_id(130318);\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method 
EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif 
(deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "published": "2015-11-17T00:00:00", "pluginID": "86888", "references": ["https://packages.debian.org/source/jessie/strongswan", "http://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "reporter": "Tenable", "modified": "2016-04-28T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888"}
{"result": {"cve": [{"id": "CVE-2015-8023", "type": "cve", "title": "CVE-2015-8023", "description": "The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.", "published": "2015-11-18T11:59:07", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8023", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-04-18T15:58:29"}], "debian": [{"id": "DLA-345", "type": "debian", "title": "strongswan -- LTS security update", "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs. 
The following log message would be seen during the client authentication:\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "published": "2015-11-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/2015/dla-345", "cvelist": ["CVE-2015-8023"], "lastseen": "2016-09-02T12:57:01"}, {"id": "DSA-3398", "type": "debian", "title": "strongswan -- security update", "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs. The following log message would be seen during the client authentication:\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\n\nFor the oldstable distribution (wheezy), this problem has been fixed in version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in version 5.2.1-6+deb8u2.\n\nFor the testing distribution (stretch), this problem has been fixed in version 5.3.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in version 5.3.3-3.\n\nWe recommend that you upgrade your strongswan packages.", "published": "2015-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/dsa-3398", "cvelist": ["CVE-2015-8023"], "lastseen": "2016-09-02T18:20:02"}], "nessus": [{"id": "SUSE_SU-2015-2183-1.NASL", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:2183-1)", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the 
eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-12-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87201", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-10-29T13:35:47"}, {"id": "OPENSUSE-2015-810.NASL", "type": "nessus", "title": "openSUSE Security Update : strongswan (openSUSE-2015-810)", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).", "published": "2015-11-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87083", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-10-29T13:37:32"}, {"id": "SUSE_SU-2015-2186-1.NASL", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : strongswan (SUSE-SU-2015:2186-1)", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-12-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87202", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-10-29T13:41:42"}, {"id": "FREEBSD_PKG_3EB0CCC28C6A11E58519005056AC623E.NASL", "type": "nessus", "title": "FreeBSD : strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin (3eb0ccc2-8c6a-11e5-8519-005056ac623e)", "description": "Strongswan Release Notes reports :\n\nFixed an authentication bypass vulnerability in the eap-mschapv2 plugin that was caused by insufficient verification of the internal state when handling MSCHAPv2 Success messages received by the client.\nThis vulnerability has been registered as CVE-2015-8023.", "published": "2015-11-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86889", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-10-29T13:45:34"}, {"id": "SUSE_SU-2015-2183-2.NASL", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:2183-2)", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-12-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87645", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-10-29T13:35:34"}, {"id": "UBUNTU_USN-2811-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS / 15.04 / 15.10 : strongswan vulnerability (USN-2811-1)", "description": "It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86896", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-10-29T13:41:21"}, {"id": "DEBIAN_DLA-345.NASL", "type": "nessus", "title": "Debian DLA-345-1 : strongswan security update", "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-20T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86953", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-10-29T13:38:30"}, {"id": "PFSENSE_SA-15_11.NASL", "type": "nessus", "title": "pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11)", "description": "According to its self-reported version number, the remote pfSense install is prior to 2.2.6. It is, therefore, affected by multiple vulnerabilities.", "published": "2018-01-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=106498", "cvelist": ["CVE-2015-8023", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "lastseen": "2018-04-15T11:17:31"}], "freebsd": [{"id": "3EB0CCC2-8C6A-11E5-8519-005056AC623E", "type": "freebsd", "title": "strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin", "description": "\nStrongswan Release Notes reports:\n\nFixed an authentication bypass vulnerability in the eap-mschapv2 plugin that\n\t was caused by insufficient verification of the internal state when handling\n\t MSCHAPv2 Success messages received by the client.\n\t This vulnerability has been registered as CVE-2015-8023.\n\n", "published": "2015-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vuxml.freebsd.org/freebsd/3eb0ccc2-8c6a-11e5-8519-005056ac623e.html", "cvelist": ["CVE-2015-8023"], "lastseen": "2016-09-26T17:24:13"}], "openvas": [{"id": "OPENVAS:1361412562310842534", "type": "openvas", "title": "Ubuntu Update for strongswan USN-2811-1", "description": "Check the version of strongswan", "published": "2015-11-17T00:00:00", "cvss": 
{"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842534", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-12-04T11:24:08"}, {"id": "OPENVAS:1361412562310703398", "type": "openvas", "title": "Debian Security Advisory DSA 3398-1 (strongswan - security update)", "description": "Tobias Brunner found an authentication\nbypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt", "published": "2015-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703398", "cvelist": ["CVE-2015-8023"], "lastseen": "2018-04-06T11:25:19"}, {"id": "OPENVAS:703398", "type": "openvas", "title": "Debian Security Advisory DSA 3398-1 (strongswan - security update)", "description": "Tobias Brunner found an authentication\nbypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt", "published": "2015-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703398", "cvelist": ["CVE-2015-8023"], "lastseen": "2017-07-24T12:52:37"}], "ubuntu": [{"id": "USN-2811-1", "type": "ubuntu", "title": "strongSwan vulnerability", "description": "It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. 
A remote attacker could use this issue to bypass authentication.", "published": "2015-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://usn.ubuntu.com/2811-1/", "cvelist": ["CVE-2015-8023"], "lastseen": "2018-03-29T18:18:22"}], "suse": [{"id": "SUSE-SU-2015:2183-2", "type": "suse", "title": "Security update for strongswan (important)", "description": "The strongswan package was updated to fix the following security issue:\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the\n eap-mschapv2 plugin (bsc#953817).\n\n", "published": "2015-12-21T23:10:52", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html", "cvelist": ["CVE-2015-8023"], "lastseen": "2016-09-04T11:57:45"}]}}