search menu icon-carat-right cmu-wordmark

CERT Coordination Center

strongSwan VPN charon server vulnerable to buffer underflow

Vulnerability Note VU#338343

Original Release Date: 2018-05-23 | Last Revised: 2018-06-13

Overview

strongSwan VPN's charon server prior to version 5.6.3 does not check packet length and may allow buffer underflow, resulting in denial of service.

Description

CWE-124: Buffer Underwrite ('Buffer Underflow') - CVE-2018-5388

In stroke_socket.c, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

According to the vendor, an attacker must typically have local root permissions to access the socket. However, other accounts and groups such as the vpn group (if capability dropping in enabled, for example) may also have sufficient permissions, but this configuration does not appear to be the default behavior.

Impact

A remote attacker with local user credentials (possibly a normal user in the vpn group, or root) may be able to underflow the buffer and cause a denial of service.

Solution

Apply an update

StrongSwan version 5.6.3 and above contain a patch for this issue.

Vendor Information

338343
 
Affected   Unknown   Unaffected

SUSE Linux

Notified:  May 23, 2018 Updated:  May 24, 2018

Statement Date:   May 24, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

An updated version of strongSwan is expected to become available shortly. Further details can be read in the advisory.

Vendor References

strongSwan

Notified:  March 21, 2018 Updated:  May 24, 2018

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

StrongSwan version 5.6.3 and above contain a patch for this issue.

ASP Linux

Notified:  May 23, 2018 Updated:  May 23, 2018

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor References

    Alpine Linux

    Notified:  May 23, 2018 Updated:  May 23, 2018

    Status

      Unknown

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor References

      Arch Linux

      Notified:  May 23, 2018 Updated:  May 23, 2018

      Status

        Unknown

      Vendor Statement

      No statement is currently available from the vendor regarding this vulnerability.

      Vendor References

        Arista Networks, Inc.

        Notified:  May 23, 2018 Updated:  May 23, 2018

        Status

          Unknown

        Vendor Statement

        No statement is currently available from the vendor regarding this vulnerability.

        Vendor References

          CentOS

          Notified:  May 23, 2018 Updated:  May 23, 2018

          Status

            Unknown

          Vendor Statement

          No statement is currently available from the vendor regarding this vulnerability.

          Vendor References

            CoreOS

            Notified:  May 23, 2018 Updated:  May 23, 2018

            Status

              Unknown

            Vendor Statement

            No statement is currently available from the vendor regarding this vulnerability.

            Vendor References

              Debian GNU/Linux

              Notified:  May 23, 2018 Updated:  May 23, 2018

              Status

                Unknown

              Vendor Statement

              No statement is currently available from the vendor regarding this vulnerability.

              Vendor References

                ENEA

                Notified:  May 23, 2018 Updated:  May 23, 2018

                Status

                  Unknown

                Vendor Statement

                No statement is currently available from the vendor regarding this vulnerability.

                Vendor References

                  Fedora Project

                  Notified:  May 23, 2018 Updated:  May 23, 2018

                  Status

                    Unknown

                  Vendor Statement

                  No statement is currently available from the vendor regarding this vulnerability.

                  Vendor References

                    Geexbox

                    Notified:  May 23, 2018 Updated:  May 23, 2018

                    Status

                      Unknown

                    Vendor Statement

                    No statement is currently available from the vendor regarding this vulnerability.

                    Vendor References

                      Gentoo Linux

                      Notified:  May 23, 2018 Updated:  May 23, 2018

                      Status

                        Unknown

                      Vendor Statement

                      No statement is currently available from the vendor regarding this vulnerability.

                      Vendor References

                        HomeSeer

                        Notified:  May 23, 2018 Updated:  May 23, 2018

                        Status

                          Unknown

                        Vendor Statement

                        No statement is currently available from the vendor regarding this vulnerability.

                        Vendor References

                          Micro Focus

                          Notified:  May 23, 2018 Updated:  May 23, 2018

                          Status

                            Unknown

                          Vendor Statement

                          No statement is currently available from the vendor regarding this vulnerability.

                          Vendor References

                            MontaVista Software, Inc.

                            Notified:  May 23, 2018 Updated:  May 23, 2018

                            Status

                              Unknown

                            Vendor Statement

                            No statement is currently available from the vendor regarding this vulnerability.

                            Vendor References

                              Openwall GNU/*/Linux

                              Notified:  May 23, 2018 Updated:  May 23, 2018

                              Status

                                Unknown

                              Vendor Statement

                              No statement is currently available from the vendor regarding this vulnerability.

                              Vendor References

                                Red Hat, Inc.

                                Notified:  May 23, 2018 Updated:  May 23, 2018

                                Status

                                  Unknown

                                Vendor Statement

                                No statement is currently available from the vendor regarding this vulnerability.

                                Vendor References

                                  Slackware Linux Inc.

                                  Notified:  May 23, 2018 Updated:  May 23, 2018

                                  Status

                                    Unknown

                                  Vendor Statement

                                  No statement is currently available from the vendor regarding this vulnerability.

                                  Vendor References

                                    Tizen

                                    Notified:  May 23, 2018 Updated:  May 23, 2018

                                    Status

                                      Unknown

                                    Vendor Statement

                                    No statement is currently available from the vendor regarding this vulnerability.

                                    Vendor References

                                      Turbolinux

                                      Notified:  May 23, 2018 Updated:  May 23, 2018

                                      Status

                                        Unknown

                                      Vendor Statement

                                      No statement is currently available from the vendor regarding this vulnerability.

                                      Vendor References

                                        Ubuntu

                                        Notified:  May 23, 2018 Updated:  May 23, 2018

                                        Status

                                          Unknown

                                        Vendor Statement

                                        No statement is currently available from the vendor regarding this vulnerability.

                                        Vendor References

                                          View all 22 vendors View less vendors


                                          CVSS Metrics

                                          Group Score Vector
                                          Base 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C
                                          Temporal 3.8 E:POC/RL:OF/RC:C
                                          Environmental 3.9 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

                                          References

                                          Acknowledgements

                                          Thanks to Kevin Backhouse of Semmle Ltd. for reporting this vulnerability.

                                          This document was written by Garret Wassermann.

                                          Other Information

                                          CVE IDs: CVE-2018-5388
                                          Date Public: 2018-05-22
                                          Date First Published: 2018-05-23
                                          Date Last Updated: 2018-06-13 16:07 UTC
                                          Document Revision: 39

                                          Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.