11 matches found
Debian Security Advisory DSA 2665-1 (strongswan - authentication bypass)
Kevin Wojtysiak discovered a vulnerability in strongSwan, an IPsec-based VPN solution. When using the OpenSSL plugin for ECDSA-based authentication, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. An attacker could use a forged signature to authenticate like a...
SuSE 11.1 Security Update : strongswan (SAT Patch Number 6333)
This update fixed a security issue in strongswan's 'gmp' plugin which could be exploited by attackers to forge RSA signature/certificate to authenticate as any legitimate user. (CVE-2012-2388) (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
Fedora Update for strongswan FEDORA-2012-8815
Check for the Version of strongswan. OpenVAS Vulnerability Test: Fedora Update for strongswan FEDORA-2012-8815. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
Fedora Update for strongswan FEDORA-2012-8815
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2012-2388
The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."...
CVE-2012-2388
CVE-2012-2388 affects strongSwan, specifically the GMP plugin, where an empty or zeroed RSA signature could bypass authentication. Affected versions are 4.2.0–4.6.3; the issue is addressed in 4.6.4 (and related security advisories). Root cause: GMP plugin’s RSA signature verification incorrectly ...
Fedora 17 : strongswan-4.6.4-1.fc17 (2012-8815)
RSA signature verification vulnerability (CVE-2012-2388). Fix bug 821733 and update to new upstream version. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much ...
Fedora Update for strongswan FEDORA-2012-8821
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SuSE 10 Security Update : strongswan (ZYPP Patch Number 8138)
This update fixed a security issue in strongswan's 'gmp' plugin which could be exploited by attackers to forge RSA signature/certificate to authenticate as any legitimate user. (CVE-2012-2388) (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
Security fix for the ALT Linux 6 package strongswan version 4.6.4-alt1
June 1, 2012, Michael Shigorin, 4.6.4-alt1: 4.6.4; CVE-2012-2388 is fixed: an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user provided that "gmp" plugin is in use and a connection definition using RSA auth exists...
Security fix for the ALT Linux 7 package strongswan version 4.6.4-alt1
June 1, 2012, Michael Shigorin, 4.6.4-alt1: 4.6.4; CVE-2012-2388 is fixed: an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user provided that "gmp" plugin is in use and a connection definition using RSA auth exists...