[strongSwan] strongSwan RSA signature vulnerability

Martin Willi martin at strongswan.org
Thu May 31 17:23:43 CEST 2012

We have been informed about a security vulnerability in
strongSwan. If the strongSwan "gmp" plugin is used for RSA signature
verification, an empty or zeroed signature is handled as a legitimate
one. CVE-2012-2388 has been reserved for this vulnerability.

To exploit the vulnerability, a connection definition using RSA
authentication is required. An attacker presenting a forged signature
and/or certificate can authenticate as any legitimate user. strongSwan
version back to 4.2.0 and up to 4.6.3 are affected, using both IKEv1 and
IKEv2. Injecting code is not possible by such an attack.

The patch at [1] fixes the vulnerability and should apply to all
affected versions. Please update your installations as soon as possible.
strongSwan 4.6.4 including the fix is available at [2], the release
announcement will follow soon.

Our apologies for having such a serious vulnerability in the strongSwan

Kind Regards


More information about the Users mailing list