[strongSwan-dev] ANNOUNCE: strongSwan-5.0.4 released / ECDSA signature vulnerability (CVE-2013-2944)

Tobias Brunner tobias at strongswan.org
Tue Apr 30 14:00:11 CEST 2013


We just released strongSwan 5.0.4, which fixes a security vulnerability
(CVE-2013-2944) that exists in all versions since 4.3.5 and up to 5.0.3.

If the strongSwan "openssl" plugin is used for ECDSA signature
verification, an empty, zeroed or otherwise invalid signature is handled
as a legitimate one.

Affected are only installations that have enabled and loaded the OpenSSL
crypto backend (--enable-openssl).  Builds using the default crypto
backends are not affected.

While this new ECDSA vulnerability is very similar to the RSA signature
vulnerability CVE-2012-2388, it is not directly related.

A connection definition using ECDSA authentication is required to
exploit this vulnerability.  Given that, an attacker presenting a forged
signature and/or certificate can authenticate as any legitimate user.
Injecting code is not possible by such an attack.

The patch at [1] fixes the vulnerability and should apply to all
affected versions.  strongSwan 5.0.4 includes the fix and other minor
changes and can be downloaded from [2].

This vulnerability was discovered by Kevin Wojtysiak, an independent
Security Consultant.  We want to express our thanks to Kevin for
notifying us in advance about this critical security issue.

The above information can also be found in our blog entry at [3].

Our apologies for having such a serious vulnerability in the strongSwan

Kind Regards,

[1] http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/
[2] http://www.strongswan.org/download.html
[3] http://www.strongswan.org/strongswan-5.0.4-released-(cve-2013-2944).html

More information about the Dev mailing list