Debian Security Advisory
DSA-2903-1 strongswan -- security update
- Date Reported:
- 14 Apr 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-2338.
- More information:
An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.
An attacker can trigger the vulnerability by rekeying an unestablished IKE_SA during the initiation itself. This will trick the IKE_SA state to
establishedwithout the need to provide any valid credential.
Vulnerable setups include those actively initiating IKEv2 IKE_SA (like ”clients” or “roadwarriors”) but also during re-authentication (which can be initiated by the responder). Installations using IKEv1 (pluto daemon in strongSwan 4 and earlier, and IKEv1 code in charon 5.x) is not affected.
For the oldstable distribution (squeeze), this problem has been fixed in version 4.4.1-5.5.
For the stable distribution (wheezy), this problem has been fixed in version 4.5.2-1.5+deb7u3.
For the unstable distribution (sid), this problem has been fixed in version 5.1.2-4.
We recommend that you upgrade your strongswan packages.