[3.6] strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c (CVE-2018-5388)
A flaw was found in strongSwan VPN’s charon server prior to version
5.6.3. In stroke_socket.c, a missing packet length check could allow
an integer underflow, which may lead to resource exhaustion and denial of
service while reading from the socket. A remote attacker with
local user credentials (possibly a normal user in the vpn group, or
root) may be able to overflow the buffer and cause a denial of service.
Fixed In Version:
strongswan 5.6.3
References:
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
https://www.kb.cert.org/vuls/id/338343
Patch:
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
(from redmine: issue id 8956, created on 2018-05-31, closed on 2018-06-11)
- Relations:
- copied_to #8953 (closed)
- parent #8953 (closed)
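
The bug class described above (a length field used in a subtraction before it is checked against its minimum), shown as an added example; this is not strongSwan's code, and the wire format, `HDR_LEN`, `MAX_MSG` and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire format: a 16-bit length field that counts itself,
 * followed by the body. A valid message is at least HDR_LEN bytes. */
#define HDR_LEN sizeof(uint16_t)
#define MAX_MSG 4096

/* Missing check: the body size a naive reader would ask the socket for. */
size_t body_len_unchecked(uint16_t len)
{
    return len - HDR_LEN; /* len < HDR_LEN wraps to a huge size_t */
}

/* Checked reader; `in`/`avail` stand in for the bytes on the socket.
 * Returns the body length, or -1 for a malformed message. */
long read_msg_checked(const uint8_t *in, size_t avail,
                      uint8_t *out, size_t out_sz)
{
    uint16_t len;
    size_t body;

    if (avail < HDR_LEN)
        return -1;
    memcpy(&len, in, HDR_LEN);
    if (len < HDR_LEN || len > MAX_MSG) /* validate before subtracting */
        return -1;
    body = len - HDR_LEN;
    if (body > avail - HDR_LEN || body > out_sz)
        return -1;
    memcpy(out, in + HDR_LEN, body);
    return (long)body;
}

int main(void)
{
    uint8_t in[6] = {0}, out[16]; /* constructed sample input */
    uint16_t len = 1;             /* shorter than its own header */

    memcpy(in, &len, HDR_LEN);
    printf("unchecked body length: %zu\n", body_len_unchecked(len));
    printf("checked reader: %ld\n", read_msg_checked(in, sizeof in, out, sizeof out));
    return 0;
}
```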