Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : strongSwan vulnerability (USN-5651-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5651-1 advisory. Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and and CRL distribution points CDP in certificates. A...

USN-5651-1 strongswan vulnerability

Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and and CRL distribution points CDP in certificates. A remote attacker could possibly use this issue to initiate IKESAs and send crafted certificates that contain URIs pointing to servers under their control, which...

UBUNTU-CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

strongswan -- DOS attack vulnerability

Lahav Schlesinger reported a bug related to online certificate revocation checking that can lead to a denial-of-service attack...

PT-2022-7595 · Unknown +5 · Strongswan +5

Name of the Vulnerable Software and Affected Versions: strongSwan versions prior to 5.9.8 Description: The issue is related to an uncontrolled resource consumption in the revocation plugin of the StrongSwan VPN client. It allows a remote attacker to cause a denial of service by sending a crafted...

CVE-2022-40617

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

CVE-2022-37193

Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...

CVE-2022-37193

Chipolo ONE Bluetooth tracker 2020 Chipolo iOS app version 4.13.0 is vulnerable to Incorrect Access Control. Chipolo devices suffer from access revocation evasion attacks once the malicious sharee obtains the access credentials...

Vesting revoke will disallow receiver from receiving already unlocked tokens

Lines of code Vulnerability details Impact Unfair loss of tokens for the receiver. Proof of Concept Vesting is used by employers to align incentives in startups and prevent employees from leaving the company if they want to get the vested tokens. This is why a revoke function was included. From t...

An admin can revoke a claim even after the end date

Lines of code Vulnerability details From the contest description it seems that the sponsor doesn't intend to allow admin to revoke a claim after it end: our vesting contract is deliberately designed to allow admin revocation in the circumstances of early employment termination before the end of...

An admin can revoke the claim of a given claimant at any time then withdraw the claim due to said claimant.

Lines of code Vulnerability details Impact I understand the reasoning why admins are given the ability to revoke claims but that power in combination with the fact that an admin can then withdraw said claim that was due to a claimant gives rug vibes. This ability should at least be behind a...

Overflow can make a claim impossible to revoke by the admin and fully withdraw by the recipient

Lines of code Vulnerability details Impact In contract VTVLVesting.sol, the multiplication in function baseVestedAmount can overflow for big enough values of truncatedCurrentVestingDurationSecs and linearVestAmount. This means the claim could be successfully created by the admin, but could NEVER ...

Employee can be unable to withdraw claimable amount that she or he deserves after admin revokes her or his claim

Lines of code Vulnerability details Impact When an employee has an active claim, this employee can call the following withdraw function to withdraw the claimable amount that she or he is entitled to, which would increase her or his claim's amountWithdrawn. Because the employee is free to call...

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

Design/Logic Flaw

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

CVE-2022-23950

In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...

PT-2022-16361 · Keylime · Keylime

Name of the Vulnerable Software and Affected Versions: Keylime versions prior to 6.3.0 Description: The issue arises from the Revocation Notifier in Keylime using a fixed /tmp path for a UNIX domain socket. This can be exploited by unprivileged users to prohibit Keylime operations. Recommendation...