Lucene search
K

11 matches found

OpenVAS
OpenVAS
added 2013/04/30 12:0 a.m.27 views

Debian Security Advisory DSA 2665-1 (strongswan - authentication bypass)

Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec based VPN solution. When using the OpenSSL plugin for ECDSA based authentication, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. An attacker could use a forged signature to authenticate like a...

7.5CVSS0.3AI score0.03281EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/01/25 12:0 a.m.19 views

SuSE 11.1 Security Update : strongswan (SAT Patch Number 6333)

This update fixed a security issue in strongswan's 'gmp' plugin which could be exploited by attackers to forge RSA signature/certificate to authenticate as any legitimate user. CVE-2012-2388 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

7.5CVSS8.2AI score0.03281EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2012/08/30 12:0 a.m.26 views

Fedora Update for strongswan FEDORA-2012-8815

Check for the Version of strongswan OpenVAS Vulnerability Test Fedora Update for strongswan FEDORA-2012-8815 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

7.5CVSS9.5AI score0.03281EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/08/30 12:0 a.m.17 views

Fedora Update for strongswan FEDORA-2012-8815

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS6.5AI score0.03281EPSS
Exploits0References2
OSV
OSV
added 2012/06/27 9:55 p.m.6 views

CVE-2012-2388

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a 1 empty or 2 zeroed RSA signature, aka "RSA signature verification vulnerability."...

6.5AI score
Exploits0References11
CVE
CVE
added 2012/06/27 9:0 p.m.90 views

CVE-2012-2388

CVE-2012-2388 affects strongSwan, specifically the GMP plugin, where an empty or zeroed RSA signature could bypass authentication. Affected versions are 4.2.0–4.6.3; the issue is addressed in 4.6.4 (and related security advisories). Root cause: GMP plugin’s RSA signature verification incorrectly ...

7.5CVSS6.6AI score0.03281EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/06/11 12:0 a.m.26 views

Fedora 17 : strongswan-4.6.4-1.fc17 (2012-8815)

RSA signature verification vulnerability CVE-2012-2388 Fix bug 821733 and update to new upstream version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much ...

7.5CVSS8.1AI score0.03281EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/06/11 12:0 a.m.26 views

Fedora Update for strongswan FEDORA-2012-8821

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

7.5CVSS6.5AI score0.03281EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/06/04 12:0 a.m.28 views

SuSE 10 Security Update : strongswan (ZYPP Patch Number 8138)

This update fixed a security issue in strongswan's 'gmp' plugin which could be exploited by attackers to forge RSA signature/certificate to authenticate as any legitimate user. CVE-2012-2388 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

7.5CVSS8.2AI score0.03281EPSS
Exploits0References2
ALT Linux
ALT Linux
added 2012/06/01 12:0 a.m.25 views

Security fix for the ALT Linux 6 package strongswan version 4.6.4-alt1

June 1, 2012 Michael Shigorin 4.6.4-alt1 - 4.6.4 + CVE-2012-2388 is fixed an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user provided that "gmp" plugin is in use and a connection definition using RSA auth exists...

7.5CVSS5.9AI score0.03281EPSS
Exploits0
ALT Linux
ALT Linux
added 2012/06/01 12:0 a.m.28 views

Security fix for the ALT Linux 7 package strongswan version 4.6.4-alt1

June 1, 2012 Michael Shigorin 4.6.4-alt1 - 4.6.4 + CVE-2012-2388 is fixed an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user provided that "gmp" plugin is in use and a connection definition using RSA auth exists...

7.5CVSS5.9AI score0.03281EPSS
Exploits0
Rows per page
Query Builder