NASLDB: Debian DSA-2483-1 : strongswan - authentication bypass
General
ID: 59761
Name: Debian DSA-2483-1 : strongswan – authentication bypass
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
An authentication bypass issue was discovered by the Codenomicon CROSS
project in strongSwan, an IPsec-based VPN solution. When using
RSA-based setups, a missing check in the gmp plugin could allow an
attacker presenting a forged signature to successfully authenticate
against a strongSwan responder.
The default configuration in Debian does not use the gmp plugin for
RSA operations but rather the OpenSSL plugin, so the packages as
shipped by Debian are not vulnerable.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-2388
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/05/31
Plugin Release: 2012/06/29
Plugin
Version: 1.1
Filename: debian_DSA-2483.nasl
Filesize: 2939 bytes
MD5 Hash: 64a143d9a2510d781ee4c7b9377222e7
Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"
Copyright: This script is© 2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack