Security Information / 2014 / Security Information -- DSA-2903-1 strongswan

Debian Security Advisory

DSA-2903-1 strongswan -- security update

Date Reported:

14 Apr 2014

Affected Packages:

strongswan

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-2338.

More information:

An authentication bypass vulnerability was found in charon, the daemon handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine handling the security association (IKE_SA) handled some state transitions incorrectly.

An attacker can trigger the vulnerability by rekeying an unestablished IKE_SA during the initiation itself. This will trick the IKE_SA state to established without the need to provide any valid credential.

Vulnerable setups include those actively initiating IKEv2 IKE_SA (like ”clients” or “roadwarriors”) but also during re-authentication (which can be initiated by the responder). Installations using IKEv1 (pluto daemon in strongSwan 4 and earlier, and IKEv1 code in charon 5.x) is not affected.

For the oldstable distribution (squeeze), this problem has been fixed in version 4.4.1-5.5.

For the stable distribution (wheezy), this problem has been fixed in version 4.5.2-1.5+deb7u3.

For the unstable distribution (sid), this problem has been fixed in version 5.1.2-4.

We recommend that you upgrade your strongswan packages.