search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

strongSwan VPN charon server vulnerable to buffer underflow

Vulnerability Note VU#338343

Original Release Date: 2018-05-23 | Last Revised: 2018-06-13

Overview

strongSwan VPN's charon server prior to version 5.6.3 does not check packet length and may allow buffer underflow, resulting in denial of service.

Description

CWE-124: Buffer Underwrite ('Buffer Underflow') - CVE-2018-5388

In stroke_socket.c, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.

According to the vendor, an attacker must typically have local root permissions to access the socket. However, other accounts and groups such as the vpn group (if capability dropping in enabled, for example) may also have sufficient permissions, but this configuration does not appear to be the default behavior.

Impact

A remote attacker with local user credentials (possibly a normal user in the vpn group, or root) may be able to underflow the buffer and cause a denial of service.

Solution

Apply an update

StrongSwan version 5.6.3 and above contain a patch for this issue.

Vendor Information

338343
 
Expand all

SUSE Linux Affected

Notified:  May 23, 2018 Updated: May 24, 2018

Statement Date:   May 24, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

An updated version of strongSwan is expected to become available shortly. Further details can be read in the advisory.

Vendor References

strongSwan Affected

Notified:  March 21, 2018 Updated: May 24, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

StrongSwan version 5.6.3 and above contain a patch for this issue.

ASP Linux Unknown

Notified:  May 23, 2018 Updated: May 23, 2018

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor References

    Alpine Linux Unknown

    Notified:  May 23, 2018 Updated: May 23, 2018

    Status

    Unknown

    Vendor Statement

    We have not received a statement from the vendor.

    Vendor References

      Arch Linux Unknown

      Notified:  May 23, 2018 Updated: May 23, 2018

      Status

      Unknown

      Vendor Statement

      We have not received a statement from the vendor.

      Vendor References

        Arista Networks, Inc. Unknown

        Notified:  May 23, 2018 Updated: May 23, 2018

        Status

        Unknown

        Vendor Statement

        We have not received a statement from the vendor.

        Vendor References

          CentOS Unknown

          Notified:  May 23, 2018 Updated: May 23, 2018

          Status

          Unknown

          Vendor Statement

          We have not received a statement from the vendor.

          Vendor References

            CoreOS Unknown

            Notified:  May 23, 2018 Updated: May 23, 2018

            Status

            Unknown

            Vendor Statement

            We have not received a statement from the vendor.

            Vendor References

              Debian GNU/Linux Unknown

              Notified:  May 23, 2018 Updated: May 23, 2018

              Status

              Unknown

              Vendor Statement

              We have not received a statement from the vendor.

              Vendor References

                ENEA Unknown

                Notified:  May 23, 2018 Updated: May 23, 2018

                Status

                Unknown

                Vendor Statement

                We have not received a statement from the vendor.

                Vendor References

                  Fedora Project Unknown

                  Notified:  May 23, 2018 Updated: May 23, 2018

                  Status

                  Unknown

                  Vendor Statement

                  We have not received a statement from the vendor.

                  Vendor References

                    Geexbox Unknown

                    Notified:  May 23, 2018 Updated: May 23, 2018

                    Status

                    Unknown

                    Vendor Statement

                    We have not received a statement from the vendor.

                    Vendor References

                      Gentoo Linux Unknown

                      Notified:  May 23, 2018 Updated: May 23, 2018

                      Status

                      Unknown

                      Vendor Statement

                      We have not received a statement from the vendor.

                      Vendor References

                        HomeSeer Unknown

                        Notified:  May 23, 2018 Updated: May 23, 2018

                        Status

                        Unknown

                        Vendor Statement

                        We have not received a statement from the vendor.

                        Vendor References

                          Micro Focus Unknown

                          Notified:  May 23, 2018 Updated: May 23, 2018

                          Status

                          Unknown

                          Vendor Statement

                          We have not received a statement from the vendor.

                          Vendor References

                            MontaVista Software, Inc. Unknown

                            Notified:  May 23, 2018 Updated: May 23, 2018

                            Status

                            Unknown

                            Vendor Statement

                            We have not received a statement from the vendor.

                            Vendor References

                              Openwall GNU/*/Linux Unknown

                              Notified:  May 23, 2018 Updated: May 23, 2018

                              Status

                              Unknown

                              Vendor Statement

                              We have not received a statement from the vendor.

                              Vendor References

                                Red Hat, Inc. Unknown

                                Notified:  May 23, 2018 Updated: May 23, 2018

                                Status

                                Unknown

                                Vendor Statement

                                We have not received a statement from the vendor.

                                Vendor References

                                  Slackware Linux Inc. Unknown

                                  Notified:  May 23, 2018 Updated: May 23, 2018

                                  Status

                                  Unknown

                                  Vendor Statement

                                  We have not received a statement from the vendor.

                                  Vendor References

                                    Tizen Unknown

                                    Notified:  May 23, 2018 Updated: May 23, 2018

                                    Status

                                    Unknown

                                    Vendor Statement

                                    We have not received a statement from the vendor.

                                    Vendor References

                                      Turbolinux Unknown

                                      Notified:  May 23, 2018 Updated: May 23, 2018

                                      Status

                                      Unknown

                                      Vendor Statement

                                      We have not received a statement from the vendor.

                                      Vendor References

                                        Ubuntu Unknown

                                        Notified:  May 23, 2018 Updated: May 23, 2018

                                        Status

                                        Unknown

                                        Vendor Statement

                                        We have not received a statement from the vendor.

                                        Vendor References

                                          View all 22 vendors View less vendors


                                          CVSS Metrics

                                          Group Score Vector
                                          Base 4.9 AV:N/AC:H/Au:S/C:N/I:N/A:C
                                          Temporal 3.8 E:POC/RL:OF/RC:C
                                          Environmental 3.9 CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

                                          References

                                          Acknowledgements

                                          Thanks to Kevin Backhouse of Semmle Ltd. for reporting this vulnerability.

                                          This document was written by Garret Wassermann.

                                          Other Information

                                          CVE IDs: CVE-2018-5388
                                          Date Public: 2018-05-22
                                          Date First Published: 2018-05-23
                                          Date Last Updated: 2018-06-13 16:07 UTC
                                          Document Revision: 40

                                          Sponsored by CISA.

                                          Download PGP Key

                                          Read CERT/CC Blog

                                          Learn about Vulnerability Analysis