Lucene search

K
ubuntucveUbuntu.comUB:CVE-2012-2388
HistoryJun 27, 2012 - 12:00 a.m.

CVE-2012-2388

2012-06-2700:00:00
ubuntu.com
ubuntu.com
8

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.018

Percentile

88.2%

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to
bypass authentication via a (1) empty or (2) zeroed RSA signature, aka “RSA
signature verification vulnerability.”

Bugs

Notes

Author Note
tyhicks Per the DSA, the default configuration does not use GMP for RSA operations and is not vulnerable in that configuration.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.018

Percentile

88.2%