Debian Security Advisory
DSA-2483-1 strongswan -- authentication bypass
- Date Reported:
- 31 May 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-2388.
- More information:
An authentication bypass issue was discovered by the Codenomicon CROSS project in strongSwan, an IPsec-based VPN solution. When using RSA-based setups, a missing check in the gmp plugin could allow an attacker presenting a forged signature to successfully authenticate against a strongSwan responder.
The default configuration in Debian does not use the gmp plugin for RSA operations but rather the OpenSSL plugin, so the packages as shipped by Debian are not vulnerable.
For the stable distribution (squeeze), this problem has been fixed in version 4.4.1-5.2.
For the testing distribution (wheezy), this problem has been fixed in version 4.5.2-1.4.
For the unstable distribution (sid), this problem has been fixed in version 4.5.2-1.4.
We recommend that you upgrade your strongswan packages.