Bugzilla – Bug 933591
VUL-0: CVE-2015-4171: strongswan: rogue servers vulnerability
Last modified: 2016-04-27 20:56:28 UTC
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-06-22. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61897
This is an autogenerated message for OBS integration: This bug (933591) was mentioned in https://build.opensuse.org/request/show/311156 13.2 / strongswan https://build.opensuse.org/request/show/311157 13.1 / strongswan https://build.opensuse.org/request/show/311158 Factory / strongswan
was made public today. https://wiki.strongswan.org/projects/strongswan/wiki/Changelog53 https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%28cve-2015-4171%29.html An information leak vulnerability that affects certain IKEv2 setups was discovered in strongSwan. All versions since 4.3.0 are affected. Alexander E. Patrakov recently reported a vulnerability in strongSwan that may enable rogue servers to obtain user credentials from a client in certain IKEv2 setups. Affected are all strongSwan versions since 4.3.0, up to 5.3.1. CVE-2015-4171 has been assigned for this vulnerability. The problem occurs in IKEv2 connections where the server is authenticated with a certificate and the client authenticates itself with EAP or pre-shared keys. Any constraints the client has for the server's authentication (e.g. rightid or rightca) are only enforced after all authentication rounds are completed successfully. A rogue server that is able to authenticate itself with a valid certificate issued by any CA the client trusts is, therefore, able to trick the client into continuing its authentication. In case of EAP this causes the client to reveal its username and password digest, and if it accepts EAP-GTC it is even possible to force it into sending a plaintext password. Please refer to the email by Alexander for a practical example. Fix The just released strongSwan 5.3.2 fixes this vulnerability. For older releases we provide patches that fix the vulnerability in the respective versions and should apply with appropriate hunk offsets. For Android an updated version of our app was pushed to the store and should be available in a few hours.
openSUSE-SU-2015:1082-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 933591 CVE References: CVE-2015-4171 Sources used: openSUSE 13.2 (src): strongswan-5.1.3-4.11.1 openSUSE 13.1 (src): strongswan-5.1.1-11.1
SUSE-SU-2015:1196-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 933591 CVE References: CVE-2015-4171 Sources used: SUSE Linux Enterprise Server 12 (src): strongswan-5.1.3-18.1 SUSE Linux Enterprise Desktop 12 (src): strongswan-5.1.3-18.1
SUSE-SU-2015:1227-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 933591 CVE References: CVE-2015-4171 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): strongswan-4.4.0-6.27.1 SUSE Linux Enterprise Server 11 SP3 (src): strongswan-4.4.0-6.27.1 SUSE Linux Enterprise Desktop 11 SP3 (src): strongswan-4.4.0-6.27.1
SUSE-SU-2015:1228-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 876449,933591 CVE References: CVE-2014-2891,CVE-2015-4171 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): strongswan-4.4.0-6.19.1
SUSE-SU-2015:1791-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 933591 CVE References: CVE-2015-4171 Sources used: SUSE Linux Enterprise Server 11-SP4 (src): strongswan-4.4.0-6.29.2 SUSE Linux Enterprise Debuginfo 11-SP4 (src): strongswan-4.4.0-6.29.2
released