Bug 1094462 - (CVE-2018-5388) VUL-0: CVE-2018-5388: strongswan: buffer underflow in stroke_socket.c
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Manuel Buil
Security Team bot
https://smash.suse.de/issue/206358/
CVSSv3:SUSE:CVE-2018-5388:6.5:(AV:N/A...
Reported: 2018-05-24 08:09 UTC by Karol Babioch
Modified: 2021-01-07 10:40 UTC
Found By: Security Response Team
nirmoy.das: needinfo? (mmnelemane)


Description Karol Babioch 2018-05-24 08:09:33 UTC
A flaw was found in strongSwan VPN's charon server prior to version 5.6.3. In stroke_socket.c, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. A remote attacker with local user credentials (possibly a normal user in the vpn group, or root) may be able to underflow the buffer and cause a denial of service.

References:
https://www.kb.cert.org/vuls/id/338343

Patch:
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1581867
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5388
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5388.html
https://www.kb.cert.org/vuls/id/338343
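
The class of bug described above, a length-prefixed message read without a minimum-length check, shown next to a checked variant. This is an added example, not strongSwan's code or part of the original report; the `demo_msg_t` layout, the function names and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format (an assumption, not strongSwan's own struct):
 * a 16-bit total length that counts itself, a 16-bit type, then payload. */
typedef struct {
    uint16_t length;
    uint16_t type;
    char buffer[64];
} demo_msg_t;

/* Unchecked: bytes left to read after the length field. For len < 2 the
 * unsigned subtraction wraps to a value near SIZE_MAX. */
size_t remaining_unchecked(uint16_t len)
{
    return (size_t)len - sizeof(len);
}

/* Checked: the length must cover the fixed header and fit the message. */
int remaining_checked(uint16_t len, size_t *out)
{
    if (len < offsetof(demo_msg_t, buffer) || len > sizeof(demo_msg_t))
        return -1;
    *out = (size_t)len - sizeof(len);
    return 0;
}

/* Parse a constructed in-memory stream whose prefix claims `claimed` bytes.
 * Returns the number of bytes copied after the length field, or -1. */
long parse_claimed(uint16_t claimed)
{
    uint8_t in[sizeof(demo_msg_t)] = {0};   /* constructed sample input */
    demo_msg_t msg = {0};
    size_t rest;
    memcpy(in, &claimed, sizeof(claimed));
    if (remaining_checked(claimed, &rest) != 0)
        return -1;                          /* reject before any copy */
    msg.length = claimed;
    memcpy((uint8_t *)&msg + sizeof(claimed), in + sizeof(claimed), rest);
    return (long)rest;
}

int main(void)
{
    printf("unchecked len=1 -> %zu bytes\n", remaining_unchecked(1));
    printf("checked   len=1 -> %ld\n", parse_claimed(1));
    return 0;
}
```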
Comment 3 Bjørn Lie 2018-06-06 22:42:41 UTC
https://build.opensuse.org/request/show/614748 -- fix for Factory subbed to develproject
Comment 6 Madhu Mohan Nelemane 2019-11-13 16:13:41 UTC
Patches submitted for:

SLE-12_Update - https://build.suse.de/request/show/205053
SLE-15_Update - https://build.suse.de/request/show/205067
Comment 7 Madhu Mohan Nelemane 2019-11-13 16:28:23 UTC
SLE-11-SP1 - https://build.suse.de/request/show/205070
Comment 12 Swamp Workflow Management 2019-11-25 20:21:31 UTC
SUSE-SU-2019:3056-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1093536,1094462,1107874,1109845
CVE References: CVE-2018-10811,CVE-2018-16151,CVE-2018-16152,CVE-2018-17540,CVE-2018-5388
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    strongswan-5.6.0-4.3.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    strongswan-5.6.0-4.3.2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    strongswan-5.6.0-4.3.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    strongswan-5.6.0-4.3.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    strongswan-5.6.0-4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2019-11-30 23:12:29 UTC
openSUSE-SU-2019:2594-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1093536,1094462,1107874,1109845
CVE References: CVE-2018-10811,CVE-2018-16151,CVE-2018-16152,CVE-2018-17540,CVE-2018-5388
Sources used:
openSUSE Leap 15.0 (src):    strongswan-5.6.0-lp150.3.3.1
Comment 14 Swamp Workflow Management 2019-12-01 05:11:59 UTC
openSUSE-SU-2019:2598-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1093536,1094462,1107874,1109845
CVE References: CVE-2018-10811,CVE-2018-16151,CVE-2018-16152,CVE-2018-17540,CVE-2018-5388
Sources used:
openSUSE Leap 15.1 (src):    strongswan-5.6.0-lp151.4.3.1
Comment 15 Swamp Workflow Management 2019-12-11 14:19:13 UTC
SUSE-SU-2019:3266-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1009254,1071853,1093536,1094462,1107874,1109845
CVE References: CVE-2018-10811,CVE-2018-16151,CVE-2018-16152,CVE-2018-17540,CVE-2018-5388
Sources used:
SUSE OpenStack Cloud 8 (src):    strongswan-5.1.3-26.13.1
SUSE OpenStack Cloud 7 (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server 12-SP5 (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server 12-SP4 (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    strongswan-5.1.3-26.13.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    strongswan-5.1.3-26.13.1
SUSE Enterprise Storage 5 (src):    strongswan-5.1.3-26.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Manuel Buil 2021-01-07 10:40:23 UTC
Patches were provided and accepted. I guess we can close this one