{"id": "DEBIAN_DSA-3398.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-3398-1 : strongswan - security update", "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "published": "2015-11-17T00:00:00", "modified": "2018-11-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888", "reporter": "Tenable", "references": ["https://packages.debian.org/source/jessie/strongswan", "https://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "cvelist": ["CVE-2015-8023"], "type": "nessus", "lastseen": "2018-11-13T16:44:49", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2015-8023"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "edition": 1, "enchantments": {}, "hash": "35db993f0d642250c0181ba800f014e955e9ea78f73be538d3c9032056a2ba02", "hashmap": [{"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "d23fb3b22d921dc08a69be64bd2dca46", "key": "description"}, {"hash": "894b53e0119e515f0f1128a38aac3e66", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "a26803858e73ec35b04b0f79276377f5", "key": "references"}, {"hash": "ab36959c0dc2c37ef61aa0918d8d8386", "key": "href"}, {"hash": "56f43625de86e9aac657ce68c9bd65a9", "key": "cvelist"}, {"hash": "11c25a2f272a8f822ca5ae3ccb0aee28", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1a92e68a45b0c399a9d509ec7b75d439", "key": "title"}, {"hash": "793ca65a1c0bd7630198bb8d1c89c89b", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888", "id": "DEBIAN_DSA-3398.NASL", "lastseen": "2016-09-26T17:23:22", "modified": "2016-04-28T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.2", "pluginID": "86888", "published": "2015-11-17T00:00:00", "references": ["https://packages.debian.org/source/jessie/strongswan", "http://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:33:24 $\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_osvdb_id(130318);\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3398-1 : strongswan - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:22"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2015-8023"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "edition": 5, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4ca46e3c24886671e8e20028e8ab7f4ff28a9e6d05523726a835873b449cddc2", "hashmap": [{"hash": "d23fb3b22d921dc08a69be64bd2dca46", "key": "description"}, {"hash": "e59858b0726516c0578417cc05f21e73", "key": "cpe"}, {"hash": "894b53e0119e515f0f1128a38aac3e66", "key": "pluginID"}, {"hash": "126aa6199253ddc5259666d479153208", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d274c98b5bf5f7b4a82ec120a31aa6ef", "key": "sourceData"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "a26803858e73ec35b04b0f79276377f5", "key": "references"}, {"hash": "ab36959c0dc2c37ef61aa0918d8d8386", "key": "href"}, {"hash": "56f43625de86e9aac657ce68c9bd65a9", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1a92e68a45b0c399a9d509ec7b75d439", "key": "title"}, {"hash": "793ca65a1c0bd7630198bb8d1c89c89b", "key": "published"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888", "id": "DEBIAN_DSA-3398.NASL", "lastseen": "2018-09-01T23:34:34", "modified": "2018-07-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "86888", "published": "2015-11-17T00:00:00", "references": ["https://packages.debian.org/source/jessie/strongswan", "http://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3398-1 : strongswan - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["references", "modified", "sourceData"], "edition": 5, "lastseen": "2018-09-01T23:34:34"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2015-8023"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "edition": 3, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "4ca46e3c24886671e8e20028e8ab7f4ff28a9e6d05523726a835873b449cddc2", "hashmap": [{"hash": "d23fb3b22d921dc08a69be64bd2dca46", "key": "description"}, {"hash": "e59858b0726516c0578417cc05f21e73", "key": "cpe"}, {"hash": "894b53e0119e515f0f1128a38aac3e66", "key": "pluginID"}, {"hash": "126aa6199253ddc5259666d479153208", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d274c98b5bf5f7b4a82ec120a31aa6ef", "key": "sourceData"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "a26803858e73ec35b04b0f79276377f5", "key": "references"}, {"hash": "ab36959c0dc2c37ef61aa0918d8d8386", "key": "href"}, {"hash": "56f43625de86e9aac657ce68c9bd65a9", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1a92e68a45b0c399a9d509ec7b75d439", "key": "title"}, {"hash": "793ca65a1c0bd7630198bb8d1c89c89b", "key": "published"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888", "id": "DEBIAN_DSA-3398.NASL", "lastseen": "2018-07-12T17:30:44", "modified": "2018-07-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "86888", "published": "2015-11-17T00:00:00", "references": ["https://packages.debian.org/source/jessie/strongswan", "http://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3398-1 : strongswan - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-12T17:30:44"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2015-8023"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "edition": 4, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "72863368a46a178e519ae674eb8c3d29a1fc4f143d99a9ecb8f00a780b443dd0", "hashmap": [{"hash": "d23fb3b22d921dc08a69be64bd2dca46", "key": "description"}, {"hash": "e59858b0726516c0578417cc05f21e73", "key": "cpe"}, {"hash": "894b53e0119e515f0f1128a38aac3e66", "key": "pluginID"}, {"hash": "126aa6199253ddc5259666d479153208", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d274c98b5bf5f7b4a82ec120a31aa6ef", "key": "sourceData"}, {"hash": "a26803858e73ec35b04b0f79276377f5", "key": "references"}, {"hash": "ab36959c0dc2c37ef61aa0918d8d8386", "key": "href"}, {"hash": "56f43625de86e9aac657ce68c9bd65a9", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1a92e68a45b0c399a9d509ec7b75d439", "key": "title"}, {"hash": "793ca65a1c0bd7630198bb8d1c89c89b", "key": "published"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888", "id": "DEBIAN_DSA-3398.NASL", "lastseen": "2018-08-30T19:31:48", "modified": "2018-07-10T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "86888", "published": "2015-11-17T00:00:00", "references": ["https://packages.debian.org/source/jessie/strongswan", "http://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/10 14:27:31\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3398-1 : strongswan - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:31:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"], "cvelist": ["CVE-2015-8023"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "7f88471abff4d6bd3fe0ff03c398e1030a86c94a7ec4ea835a000a3228c2bd9a", "hashmap": [{"hash": "7682593865fe3c4bfddc41a9be4d6e7d", "key": "modified"}, {"hash": "d23fb3b22d921dc08a69be64bd2dca46", "key": "description"}, {"hash": "e59858b0726516c0578417cc05f21e73", "key": "cpe"}, {"hash": "894b53e0119e515f0f1128a38aac3e66", "key": "pluginID"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "26769fd423968d45be7383413e2552f1", "key": "cvss"}, {"hash": "a26803858e73ec35b04b0f79276377f5", "key": "references"}, {"hash": "ab36959c0dc2c37ef61aa0918d8d8386", "key": "href"}, {"hash": "56f43625de86e9aac657ce68c9bd65a9", "key": "cvelist"}, {"hash": "11c25a2f272a8f822ca5ae3ccb0aee28", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "1a92e68a45b0c399a9d509ec7b75d439", "key": "title"}, {"hash": "793ca65a1c0bd7630198bb8d1c89c89b", "key": "published"}, {"hash": "74562d71b087df9eabd0c21f99b132cc", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=86888", "id": "DEBIAN_DSA-3398.NASL", "lastseen": "2017-10-29T13:33:57", "modified": "2016-04-28T00:00:00", "naslFamily": "Debian Local Security Checks", "objectVersion": "1.3", "pluginID": "86888", "published": "2015-11-17T00:00:00", "references": ["https://packages.debian.org/source/jessie/strongswan", "http://www.debian.org/security/2015/dsa-3398", "https://packages.debian.org/source/wheezy/strongswan"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"$Revision: 2.3 $\");\n script_cvs_date(\"$Date: 2016/04/28 18:33:24 $\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_osvdb_id(130318);\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Debian DSA-3398-1 : strongswan - security update", "type": "nessus", "viewCount": 2}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:33:57"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e59858b0726516c0578417cc05f21e73"}, {"key": "cvelist", "hash": "56f43625de86e9aac657ce68c9bd65a9"}, {"key": "cvss", "hash": "26769fd423968d45be7383413e2552f1"}, {"key": "description", "hash": "d23fb3b22d921dc08a69be64bd2dca46"}, {"key": "href", "hash": "ab36959c0dc2c37ef61aa0918d8d8386"}, {"key": "modified", "hash": "3c764d4cf584f9ded7aa4dcca57c78ff"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "894b53e0119e515f0f1128a38aac3e66"}, {"key": "published", "hash": "793ca65a1c0bd7630198bb8d1c89c89b"}, {"key": "references", "hash": "536bfa1b40f7ce67a54ac36cfa82c3b8"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "85d7be7e8eb3c41d6578c2d23000774b"}, {"key": "title", "hash": "1a92e68a45b0c399a9d509ec7b75d439"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "d2f34e7a2f1ff7e094ec6a8f4554ca4146e4d020118187dfdd616e1c09c83098", "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3398. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86888);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/10 11:49:37\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_xref(name:\"DSA\", value:\"3398\");\n\n script_name(english:\"Debian DSA-3398-1 : strongswan - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/strongswan\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3398\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the strongswan packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libstrongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-dbg\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev1\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-ikev2\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-nm\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"strongswan-starter\", reference:\"4.5.2-1.5+deb7u8\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"charon-cmd\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libcharon-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-extra-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libstrongswan-standard-plugins\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-charon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-dbg\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ike\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev1\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-ikev2\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-libcharon\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-nm\", reference:\"5.2.1-6+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"strongswan-starter\", reference:\"5.2.1-6+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "86888", "cpe": ["p-cpe:/a:debian:debian_linux:strongswan", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:7.0"]}

{"cve": [{"lastseen": "2018-08-14T11:24:27", "references": ["http://www.debian.org/security/2015/dsa-3398", "http://lists.opensuse.org/opensuse-updates/2015-11/msg00139.html", "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html", "http://www.securityfocus.com/bid/84947", "https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-(cve-2015-8023).html", "http://www.ubuntu.com/usn/USN-2811-1"], "description": "The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message.", "edition": 3, "reporter": "NVD", "published": "2015-11-18T11:59:07", "title": "CVE-2015-8023", "type": "cve", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2015-8023"], "scanner": [], "modified": "2018-08-13T17:47:53", "cpe": ["cpe:/a:strongswan:strongswan:4.3.7", "cpe:/a:strongswan:strongswan:4.2.14", "cpe:/a:strongswan:strongswan:4.2.13", "cpe:/a:strongswan:strongswan:5.2.2", "cpe:/a:strongswan:strongswan:4.3.3", "cpe:/a:strongswan:strongswan:4.6.1", "cpe:/a:strongswan:strongswan:4.2.12", "cpe:/a:strongswan:strongswan:4.6.4", "cpe:/a:strongswan:strongswan:4.2.16", "cpe:/a:strongswan:strongswan:4.5.3", "cpe:/a:strongswan:strongswan:4.3.0", "cpe:/a:strongswan:strongswan:5.0.3", "cpe:/a:strongswan:strongswan:4.6.0", "cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~", "cpe:/a:strongswan:strongswan:4.4.0", "cpe:/a:strongswan:strongswan:4.3.6", "cpe:/a:strongswan:strongswan:5.1.3", "cpe:/a:strongswan:strongswan:4.6.2", "cpe:/a:strongswan:strongswan:4.5.1", "cpe:/a:strongswan:strongswan:4.3.2", "cpe:/a:strongswan:strongswan:5.2.1", "cpe:/a:strongswan:strongswan:4.5.0", "cpe:/a:strongswan:strongswan:5.3.1", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/a:strongswan:strongswan:5.3.0", "cpe:/a:strongswan:strongswan:5.3.3", "cpe:/a:strongswan:strongswan:5.2.0", "cpe:/a:strongswan:strongswan:5.0.2", "cpe:/a:strongswan:strongswan:5.0.0", "cpe:/a:strongswan:strongswan:5.1.0", "cpe:/a:strongswan:strongswan:4.3.4", "cpe:/a:strongswan:strongswan:4.2.15", "cpe:/a:strongswan:strongswan:4.6.3", "cpe:/a:strongswan:strongswan:4.4.1", "cpe:/a:strongswan:strongswan:4.5.2", "cpe:/a:strongswan:strongswan:4.3.5", "cpe:/a:strongswan:strongswan:5.2.3", "cpe:/a:strongswan:strongswan:5.1.2", "cpe:/a:strongswan:strongswan:4.3.1", "cpe:/a:strongswan:strongswan:5.0.1", "cpe:/a:strongswan:strongswan:5.1.1", "cpe:/a:strongswan:strongswan:5.3.2", "cpe:/a:strongswan:strongswan:5.0.4"], "id": "CVE-2015-8023", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8023", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:14:30", "references": ["https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "5.3.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "strongswan", "operator": "lt"}], "description": "\nStrongswan Release Notes reports:\n\nFixed an authentication bypass vulnerability in the eap-mschapv2 plugin that\n\t was caused by insufficient verification of the internal state when handling\n\t MSCHAPv2 Success messages received by the client.\n\t This vulnerability has been registered as CVE-2015-8023.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2015-11-16T00:00:00", "title": "strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8023"], "modified": "2015-11-16T00:00:00", "id": "3EB0CCC2-8C6A-11E5-8519-005056AC623E", "href": "https://vuxml.freebsd.org/freebsd/3eb0ccc2-8c6a-11e5-8519-005056ac623e.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:35", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "6", "packageVersion": "4.4.1-5.8", "arch": "all", "packageFilename": "strongswan-nm_4.4.1-5.8_all.deb", "packageName": "strongswan-nm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.4.1-5.8", "arch": "all", "packageFilename": "strongswan_4.4.1-5.8_all.deb", "packageName": "strongswan", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.4.1-5.8", "arch": "all", "packageFilename": "strongswan-starter_4.4.1-5.8_all.deb", "packageName": "strongswan-starter", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.4.1-5.8", "arch": "all", "packageFilename": "strongswan-ikev2_4.4.1-5.8_all.deb", "packageName": "strongswan-ikev2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.4.1-5.8", "arch": "all", "packageFilename": "libstrongswan_4.4.1-5.8_all.deb", "packageName": "libstrongswan", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.4.1-5.8", "arch": "all", "packageFilename": "strongswan-dbg_4.4.1-5.8_all.deb", "packageName": "strongswan-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "6", "packageVersion": "4.4.1-5.8", "arch": "all", "packageFilename": "strongswan-ikev1_4.4.1-5.8_all.deb", "packageName": "strongswan-ikev1", "operator": "lt"}], "description": "Package : strongswan\nVersion : 4.4.1-5.8\nCVE ID : CVE-2015-8023\n\nTobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt&#x27;s possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication:\n\n EAP method EAP_MSCHAPV2 succeeded, no MSK established\n", "edition": 1, "reporter": "Debian", "published": "2015-11-19T12:47:49", "title": "[SECURITY] [DLA 345-1] strongswan security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-16T22:14:35", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8023"], "modified": "2015-11-19T12:47:49", "id": "DEBIAN:DLA-345-1:D1E73", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201511/msg00005.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-18T13:49:12", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-starter_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-starter", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "libstrongswan-extra-plugins_5.2.1-6+deb8u2_all.deb", "packageName": "libstrongswan-extra-plugins", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-dbg_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-dbg", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-ikev2_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-ikev2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-charon_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-charon", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "charon-cmd_5.2.1-6+deb8u2_all.deb", "packageName": "charon-cmd", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-ikev1_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-ikev1", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "libstrongswan_5.2.1-6+deb8u2_all.deb", "packageName": "libstrongswan", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "libstrongswan-standard-plugins_5.2.1-6+deb8u2_all.deb", "packageName": "libstrongswan-standard-plugins", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-libcharon_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-libcharon", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-nm_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-nm", "operator": "lt"}, {"OS": "Debian", "OSVersion": "7", "packageVersion": "4.5.2-1.5+deb7u8", "arch": "all", "packageFilename": "strongswan_4.5.2-1.5+deb7u8_all.deb", "packageName": "strongswan", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "strongswan-ike_5.2.1-6+deb8u2_all.deb", "packageName": "strongswan-ike", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "5.2.1-6+deb8u2", "arch": "all", "packageFilename": "libcharon-extra-plugins_5.2.1-6+deb8u2_all.deb", "packageName": "libcharon-extra-plugins", "operator": "lt"}], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3398-1 security@debian.org\nhttps://www.debian.org/security/ Yves-Alexis Perez\nNovember 16, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : strongswan\nCVE ID : CVE-2015-8023\n\nTobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt&#x27;s possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication:\n\n EAP method EAP_MSCHAPV2 succeeded, no MSK established\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 5.3.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.3.3-3.\n\nWe recommend that you upgrade your strongswan packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "reporter": "Debian", "published": "2015-11-16T13:15:24", "title": "[SECURITY] [DSA 3398-1] strongswan security update", "type": "debian", "enchantments": {"score": {"modified": "2018-10-18T13:49:12", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8023"], "modified": "2015-11-16T13:15:24", "id": "DEBIAN:DSA-3398-1:852F4", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00303.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-11-30T07:21:21", "references": ["http://www.nessus.org/u?bd438ab1", "https://www.suse.com/security/cve/CVE-2015-8023/", "https://bugzilla.suse.com/show_bug.cgi?id=953817"], "pluginID": "87201", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2015-12-04T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:2183-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-11-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:strongswan-ipsec", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:strongswan-libs0", "p-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo", "p-cpe:/a:novell:suse_linux:strongswan", "p-cpe:/a:novell:suse_linux:strongswan-hmac", "p-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo", "p-cpe:/a:novell:suse_linux:strongswan-debugsource"], "id": "SUSE_SU-2015-2183-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87201", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87201);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2015-8023\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:2183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The strongswan package was updated to fix the following security \nissue :\n\n - CVE-2015-8023: Fixed an authentication bypass\n vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8023/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152183-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd438ab1\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2015-934=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2015-934=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-ipsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-libs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"strongswan-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"strongswan-debugsource-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"strongswan-hmac-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"strongswan-ipsec-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"strongswan-ipsec-debuginfo-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"strongswan-libs0-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"strongswan-libs0-debuginfo-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"strongswan-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"strongswan-debugsource-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"strongswan-ipsec-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"strongswan-ipsec-debuginfo-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"strongswan-libs0-5.1.3-21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"strongswan-libs0-debuginfo-5.1.3-21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-13T17:11:20", "references": ["http://www.nessus.org/u?d111ce17", "http://www.nessus.org/u?43e9da13"], "pluginID": "86889", "description": "Strongswan Release Notes reports :\n\nFixed an authentication bypass vulnerability in the eap-mschapv2 plugin that was caused by insufficient verification of the internal state when handling MSCHAPv2 Success messages received by the client.\nThis vulnerability has been registered as CVE-2015-8023.", "edition": 5, "reporter": "Tenable", "published": "2015-11-17T00:00:00", "title": "FreeBSD : strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin (3eb0ccc2-8c6a-11e5-8519-005056ac623e)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:strongswan"], "id": "FREEBSD_PKG_3EB0CCC28C6A11E58519005056AC623E.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86889", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86889);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/11/10 11:49:44\");\n\n script_cve_id(\"CVE-2015-8023\");\n\n script_name(english:\"FreeBSD : strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin (3eb0ccc2-8c6a-11e5-8519-005056ac623e)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Strongswan Release Notes reports :\n\nFixed an authentication bypass vulnerability in the eap-mschapv2\nplugin that was caused by insufficient verification of the internal\nstate when handling MSCHAPv2 Success messages received by the client.\nThis vulnerability has been registered as CVE-2015-8023.\"\n );\n # https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43e9da13\"\n );\n # https://vuxml.freebsd.org/freebsd/3eb0ccc2-8c6a-11e5-8519-005056ac623e.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d111ce17\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"strongswan<5.3.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-30T07:34:39", "references": ["http://www.nessus.org/u?e6a85868", "https://www.suse.com/security/cve/CVE-2015-8023/", "https://bugzilla.suse.com/show_bug.cgi?id=953817"], "pluginID": "87202", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2015-12-04T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : strongswan (SUSE-SU-2015:2186-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-11-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:strongswan", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:strongswan-doc"], "id": "SUSE_SU-2015-2186-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87202", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2186-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87202);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2015-8023\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : strongswan (SUSE-SU-2015:2186-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The strongswan package was updated to fix the following security \nissue :\n\n - CVE-2015-8023: Fixed an authentication bypass\n vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8023/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152186-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6a85868\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-strongswan-12246=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-strongswan-12246=1\n\nSUSE Linux Enterprise Server 11-SP3 :\n\nzypper in -t patch slessp3-strongswan-12246=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-strongswan-12246=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-strongswan-12246=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-strongswan-12246=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-strongswan-12246=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! ereg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"strongswan-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"strongswan-doc-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"strongswan-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"strongswan-doc-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"strongswan-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"strongswan-doc-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"strongswan-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"strongswan-doc-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"strongswan-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"strongswan-doc-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"strongswan-4.4.0-6.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"strongswan-doc-4.4.0-6.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:44:38", "references": ["https://bugzilla.opensuse.org/show_bug.cgi?id=953817"], "pluginID": "87083", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).", "edition": 4, "reporter": "Tenable", "published": "2015-11-30T00:00:00", "title": "openSUSE Security Update : strongswan (openSUSE-2015-810)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2015-11-30T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:strongswan-libs0", "p-cpe:/a:novell:opensuse:strongswan-sqlite-debuginfo", "p-cpe:/a:novell:opensuse:strongswan", "p-cpe:/a:novell:opensuse:strongswan-ipsec", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:strongswan-nm", "p-cpe:/a:novell:opensuse:strongswan-hmac", "p-cpe:/a:novell:opensuse:strongswan-nm-debuginfo", "p-cpe:/a:novell:opensuse:strongswan-sqlite", "p-cpe:/a:novell:opensuse:strongswan-ipsec-debuginfo", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:strongswan-debugsource", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:strongswan-mysql", "p-cpe:/a:novell:opensuse:strongswan-libs0-debuginfo", "p-cpe:/a:novell:opensuse:strongswan-mysql-debuginfo"], "id": "OPENSUSE-2015-810.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87083", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-810.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87083);\n script_version(\"$Revision: 2.1 $\");\n script_cvs_date(\"$Date: 2015/11/30 15:53:21 $\");\n\n script_cve_id(\"CVE-2015-8023\");\n\n script_name(english:\"openSUSE Security Update : strongswan (openSUSE-2015-810)\");\n script_summary(english:\"Check for the openSUSE-2015-810 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The strongswan package was updated to fix the following security \nissue :\n\n - CVE-2015-8023: Fixed an authentication bypass\n vulnerability in the eap-mschapv2 plugin (bsc#953817).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953817\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected strongswan packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-ipsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-ipsec-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-libs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-libs0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-nm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-nm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-sqlite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:strongswan-sqlite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2|SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2 / 42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-debugsource-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-ipsec-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-ipsec-debuginfo-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-libs0-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-libs0-debuginfo-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-mysql-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-mysql-debuginfo-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-nm-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-nm-debuginfo-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-sqlite-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"strongswan-sqlite-debuginfo-5.1.1-14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-debugsource-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-ipsec-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-ipsec-debuginfo-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-libs0-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-libs0-debuginfo-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-mysql-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-mysql-debuginfo-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-nm-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-nm-debuginfo-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-sqlite-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"strongswan-sqlite-debuginfo-5.1.3-4.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-debugsource-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-hmac-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-ipsec-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-ipsec-debuginfo-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-libs0-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-libs0-debuginfo-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-mysql-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-mysql-debuginfo-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-nm-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-nm-debuginfo-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-sqlite-5.2.2-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"strongswan-sqlite-debuginfo-5.2.2-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan / strongswan-debugsource / strongswan-ipsec / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:47:46", "references": ["https://lists.debian.org/debian-lts-announce/2015/11/msg00005.html", "https://packages.debian.org/source/squeeze-lts/strongswan"], "pluginID": "86953", "description": "Tobias Brunner found an authentication bypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin can be tricked into successfully concluding the authentication without providing valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client authentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2015-11-20T00:00:00", "title": "Debian DLA-345-1 : strongswan security update", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-07-06T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:strongswan-nm", "p-cpe:/a:debian:debian_linux:strongswan", "p-cpe:/a:debian:debian_linux:strongswan-starter", "p-cpe:/a:debian:debian_linux:strongswan-ikev2", "p-cpe:/a:debian:debian_linux:libstrongswan", "p-cpe:/a:debian:debian_linux:strongswan-dbg", "p-cpe:/a:debian:debian_linux:strongswan-ikev1"], "id": "DEBIAN_DLA-345.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86953", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-345-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86953);\n script_version(\"2.4\");\n script_cvs_date(\"Date: 2018/07/06 11:26:06\");\n\n script_cve_id(\"CVE-2015-8023\");\n\n script_name(english:\"Debian DLA-345-1 : strongswan security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tobias Brunner found an authentication bypass vulnerability in\nstrongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication :\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/11/msg00005.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/strongswan\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libstrongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-ikev1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-ikev2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-nm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:strongswan-starter\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libstrongswan\", reference:\"4.4.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"strongswan\", reference:\"4.4.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"strongswan-dbg\", reference:\"4.4.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"strongswan-ikev1\", reference:\"4.4.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"strongswan-ikev2\", reference:\"4.4.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"strongswan-nm\", reference:\"4.4.1-5.8\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"strongswan-starter\", reference:\"4.4.1-5.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-11-30T07:20:50", "references": ["http://www.nessus.org/u?46602ced", "https://www.suse.com/security/cve/CVE-2015-8023/", "https://bugzilla.suse.com/show_bug.cgi?id=953817"], "pluginID": "87645", "description": "The strongswan package was updated to fix the following security issue :\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 7, "reporter": "Tenable", "published": "2015-12-29T00:00:00", "title": "SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:2183-2)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-11-29T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:strongswan-ipsec", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:strongswan-libs0", "p-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo", "p-cpe:/a:novell:suse_linux:strongswan", "p-cpe:/a:novell:suse_linux:strongswan-hmac", "p-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo", "p-cpe:/a:novell:suse_linux:strongswan-debugsource"], "id": "SUSE_SU-2015-2183-2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=87645", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:2183-2.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(87645);\n script_version(\"2.5\");\n script_cvs_date(\"Date: 2018/11/29 12:03:38\");\n\n script_cve_id(\"CVE-2015-8023\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2015:2183-2)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The strongswan package was updated to fix the following security \nissue :\n\n - CVE-2015-8023: Fixed an authentication bypass\n vulnerability in the eap-mschapv2 plugin (bsc#953817).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8023/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20152183-2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46602ced\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP1-2015-934=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2015-934=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-hmac\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-ipsec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-libs0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/12/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! ereg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"strongswan-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"strongswan-debugsource-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"strongswan-hmac-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"strongswan-ipsec-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"strongswan-ipsec-debuginfo-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"strongswan-libs0-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"strongswan-libs0-debuginfo-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"strongswan-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"strongswan-debugsource-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"strongswan-ipsec-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"strongswan-ipsec-debuginfo-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"strongswan-libs0-5.1.3-22.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"strongswan-libs0-debuginfo-5.1.3-22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-12-02T15:38:27", "references": ["https://usn.ubuntu.com/2811-1/"], "pluginID": "86896", "description": "It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 6, "reporter": "Tenable", "published": "2015-11-17T00:00:00", "title": "Ubuntu 14.04 LTS / 15.04 / 15.10 : strongswan vulnerability (USN-2811-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-12-01T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:15.04", "cpe:/o:canonical:ubuntu_linux:15.10", "p-cpe:/a:canonical:ubuntu_linux:strongswan-plugin-eap-mschapv2", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2811-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=86896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2811-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86896);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2015-8023\");\n script_xref(name:\"USN\", value:\"2811-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 15.04 / 15.10 : strongswan vulnerability (USN-2811-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the strongSwan eap-mschapv2 plugin incorrectly\nhandled state. A remote attacker could use this issue to bypass\nauthentication.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2811-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected strongswan-plugin-eap-mschapv2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:strongswan-plugin-eap-mschapv2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(14\\.04|15\\.04|15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 15.04 / 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"strongswan-plugin-eap-mschapv2\", pkgver:\"5.1.2-0ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"strongswan-plugin-eap-mschapv2\", pkgver:\"5.1.2-0ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"strongswan-plugin-eap-mschapv2\", pkgver:\"5.1.2-0ubuntu6.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"strongswan-plugin-eap-mschapv2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-19T13:57:09", "references": ["http://www.nessus.org/u?cecc787a", "http://www.nessus.org/u?354b97b7", "https://doc.pfsense.org/index.php/2.2.6_New_Features_and_Changes", "http://www.nessus.org/u?05b5b916"], "pluginID": "106498", "description": "According to its self-reported version number, the remote pfSense install is prior to 2.2.6. It is, therefore, affected by multiple vulnerabilities.", "edition": 11, "reporter": "Tenable", "published": "2018-01-31T00:00:00", "title": "pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Firewalls", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023", "CVE-2015-3195", "CVE-2015-3194", "CVE-2015-3196"], "modified": "2018-09-17T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense"], "id": "PFSENSE_SA-15_11.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=106498", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106498);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/09/17 21:46:53\");\n\n script_cve_id(\n \"CVE-2015-3194\",\n \"CVE-2015-3195\",\n \"CVE-2015-3196\",\n \"CVE-2015-8023\"\n );\n script_bugtraq_id(78622, 78623, 78626, 84947);\n script_xref(name:\"FreeBSD\", value:\"SA-15:26.openssl\");\n\n script_name(english:\"pfSense < 2.2.6 Multiple Vulnerabilities (SA-15_09 / SA-15_10 / SA-15_11)\");\n script_summary(english:\"Checks the version of pfSense.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense\ninstall is prior to 2.2.6. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://doc.pfsense.org/index.php/2.2.6_New_Features_and_Changes\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_09.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?05b5b916\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_10.captiveportal.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cecc787a\");\n # https://www.pfsense.org/security/advisories/pfSense-SA-15_11.webgui.asc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?354b97b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.2.6 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8023\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nif (!get_kb_item(\"Host/pfSense\")) audit(AUDIT_HOST_NOT, \"pfSense\");\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n { \"fixed_version\" : \"2.2.6\" }\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_HOLE,\n flags:{xss:TRUE, xsrf:TRUE, sqli:TRUE}\n);\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-19T13:01:12", "references": ["2811-1", "http://www.ubuntu.com/usn/usn-2811-1/"], "pluginID": "1361412562310842534", "description": "The remote host is missing an update for the ", "edition": 9, "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "published": "2015-11-17T00:00:00", "title": "Ubuntu Update for strongswan USN-2811-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-11-16T00:00:00", "id": "OPENVAS:1361412562310842534", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842534", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for strongswan USN-2811-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842534\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-11-17 05:30:43 +0100 (Tue, 17 Nov 2015)\");\n script_cve_id(\"CVE-2015-8023\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for strongswan USN-2811-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'strongswan'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the strongSwan\neap-mschapv2 plugin incorrectly handled state. A remote attacker could use this\nissue to bypass authentication.\");\n script_tag(name:\"affected\", value:\"strongswan on Ubuntu 15.10,\n Ubuntu 15.04,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2811-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2811-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(15\\.04|14\\.04 LTS|15\\.10)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU15.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"strongswan-plugin-eap-mschapv2\", ver:\"5.1.2-0ubuntu5.3\", rls:\"UBUNTU15.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"strongswan-plugin-eap-mschapv2\", ver:\"5.1.2-0ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"strongswan-plugin-eap-mschapv2\", ver:\"5.1.2-0ubuntu6.2\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-09-01T23:49:51", "references": ["http://www.debian.org/security/2015/dsa-3398.html"], "pluginID": "1361412562310703398", "description": "Tobias Brunner found an authentication\nbypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-11-16T00:00:00", "title": "Debian Security Advisory DSA 3398-1 (strongswan - security update)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2018-04-06T00:00:00", "id": "OPENVAS:1361412562310703398", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703398", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3398.nasl 9355 2018-04-06 07:16:07Z cfischer $\n# Auto-generated from advisory DSA 3398-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703398\");\n script_version(\"$Revision: 9355 $\");\n script_cve_id(\"CVE-2015-8023\");\n script_name(\"Debian Security Advisory DSA 3398-1 (strongswan - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2018-04-06 09:16:07 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value: \"2015-11-16 00:00:00 +0100 (Mon, 16 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3398.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"strongswan on Debian Linux\");\n script_tag(name: \"insight\", value: \"The strongSwan VPN suite is based on\nthe IPsec stack in standard Linux 2.6 kernels. It supports both the IKEv1 and\nIKEv2 protocols.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 5.3.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.3.3-3.\n\nWe recommend that you upgrade your strongswan packages.\");\n script_tag(name: \"summary\", value: \"Tobias Brunner found an authentication\nbypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication:\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"charon-cmd\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcharon-extra-plugins\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-extra-plugins\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-standard-plugins\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-charon\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ike\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-libcharon\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"charon-cmd\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcharon-extra-plugins\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-extra-plugins\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-standard-plugins\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-charon\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ike\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-libcharon\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:52:37", "references": ["http://www.debian.org/security/2015/dsa-3398.html"], "pluginID": "703398", "description": "Tobias Brunner found an authentication\nbypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt", "edition": 3, "reporter": "Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net", "published": "2015-11-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Debian Security Advisory DSA 3398-1 (strongswan - security update)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8023"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=703398", "id": "OPENVAS:703398", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3398.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3398-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703398);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2015-8023\");\n script_name(\"Debian Security Advisory DSA 3398-1 (strongswan - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-11-16 00:00:00 +0100 (Mon, 16 Nov 2015)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3398.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"strongswan on Debian Linux\");\n script_tag(name: \"insight\", value: \"The strongSwan VPN suite is based on\nthe IPsec stack in standard Linux 2.6 kernels. It supports both the IKEv1 and\nIKEv2 protocols.\");\n script_tag(name: \"solution\", value: \"For the oldstable distribution (wheezy),\nthis problem has been fixed in version 4.5.2-1.5+deb7u8.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 5.2.1-6+deb8u2.\n\nFor the testing distribution (stretch), this problem has been fixed\nin version 5.3.3-3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 5.3.3-3.\n\nWe recommend that you upgrade your strongswan packages.\");\n script_tag(name: \"summary\", value: \"Tobias Brunner found an authentication\nbypass vulnerability in strongSwan, an IKE/IPsec suite.\n\nDue to insufficient validation of its local state the server\nimplementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin\ncan be tricked into successfully concluding the authentication without\nproviding valid credentials.\n\nIt's possible to recognize such attacks by looking at the server logs.\nThe following log message would be seen during the client\nauthentication:\n\nEAP method EAP_MSCHAPV2 succeeded, no MSK established\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"4.5.2-1.5+deb7u8\", rls_regex:\"DEB7.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"charon-cmd\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcharon-extra-plugins\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-extra-plugins\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-standard-plugins\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-charon\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ike\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-libcharon\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"5.3.3-3\", rls_regex:\"DEB9.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"charon-cmd\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcharon-extra-plugins\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-extra-plugins\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libstrongswan-standard-plugins\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-charon\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-dbg\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ike\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev1\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-ikev2\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-libcharon\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-nm\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"strongswan-starter\", ver:\"5.2.1-6+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "suse": [{"lastseen": "2016-09-04T11:57:45", "references": ["https://bugzilla.suse.com/953817"], "affectedPackage": [{"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "s390x", "packageFilename": "strongswan-5.1.3-22.1.s390x.rpm", "packageName": "strongswan", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-libs0-debuginfo-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-libs0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "s390x", "packageFilename": "strongswan-libs0-5.1.3-22.1.s390x.rpm", "packageName": "strongswan-libs0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "ppc64le", "packageFilename": "strongswan-ipsec-debuginfo-5.1.3-22.1.ppc64le.rpm", "packageName": "strongswan-ipsec-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "s390x", "packageFilename": "strongswan-debugsource-5.1.3-22.1.s390x.rpm", "packageName": "strongswan-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-ipsec-debuginfo-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-ipsec-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "ppc64le", "packageFilename": "strongswan-debugsource-5.1.3-22.1.ppc64le.rpm", "packageName": "strongswan-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "ppc64le", "packageFilename": "strongswan-libs0-5.1.3-22.1.ppc64le.rpm", "packageName": "strongswan-libs0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-ipsec-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-ipsec", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "ppc64le", "packageFilename": "strongswan-libs0-debuginfo-5.1.3-22.1.ppc64le.rpm", "packageName": "strongswan-libs0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "s390x", "packageFilename": "strongswan-hmac-5.1.3-22.1.s390x.rpm", "packageName": "strongswan-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-debugsource-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-ipsec-debuginfo-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-ipsec-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-hmac-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-debugsource-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-debugsource", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "ppc64le", "packageFilename": "strongswan-ipsec-5.1.3-22.1.ppc64le.rpm", "packageName": "strongswan-ipsec", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "s390x", "packageFilename": "strongswan-ipsec-debuginfo-5.1.3-22.1.s390x.rpm", "packageName": "strongswan-ipsec-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "ppc64le", "packageFilename": "strongswan-hmac-5.1.3-22.1.ppc64le.rpm", "packageName": "strongswan-hmac", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "noarch", "packageFilename": "strongswan-doc-5.1.3-22.1.noarch.rpm", "packageName": "strongswan-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "noarch", "packageFilename": "strongswan-doc-5.1.3-22.1.noarch.rpm", "packageName": "strongswan-doc", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "s390x", "packageFilename": "strongswan-ipsec-5.1.3-22.1.s390x.rpm", "packageName": "strongswan-ipsec", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "s390x", "packageFilename": "strongswan-libs0-debuginfo-5.1.3-22.1.s390x.rpm", "packageName": "strongswan-libs0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-libs0-debuginfo-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-libs0-debuginfo", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-libs0-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-libs0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "ppc64le", "packageFilename": "strongswan-5.1.3-22.1.ppc64le.rpm", "packageName": "strongswan", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Server", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-libs0-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-libs0", "operator": "lt"}, {"OS": "SUSE Linux Enterprise Desktop", "OSVersion": "12.1", "packageVersion": "5.1.3-22.1", "arch": "x86_64", "packageFilename": "strongswan-ipsec-5.1.3-22.1.x86_64.rpm", "packageName": "strongswan-ipsec", "operator": "lt"}], "description": "The strongswan package was updated to fix the following security issue:\n\n - CVE-2015-8023: Fixed an authentication bypass vulnerability in the\n eap-mschapv2 plugin (bsc#953817).\n\n", "edition": 1, "reporter": "Suse", "published": "2015-12-21T23:10:52", "title": "Security update for strongswan (important)", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8023"], "modified": "2015-12-21T23:10:52", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00025.html", "id": "SUSE-SU-2015:2183-2", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:12", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8023"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "packageVersion": "5.1.2-0ubuntu2.4", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "strongswan-plugin-eap-mschapv2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.10", "packageVersion": "5.1.2-0ubuntu6.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "strongswan-plugin-eap-mschapv2", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "15.04", "packageVersion": "5.1.2-0ubuntu5.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "strongswan-plugin-eap-mschapv2", "operator": "lt"}], "description": "It was discovered that the strongSwan eap-mschapv2 plugin incorrectly handled state. A remote attacker could use this issue to bypass authentication.", "edition": 3, "reporter": "Ubuntu", "published": "2015-11-16T00:00:00", "title": "strongSwan vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2015-8023"], "modified": "2015-11-16T00:00:00", "id": "USN-2811-1", "href": "https://usn.ubuntu.com/2811-1/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}