Elliott Childre identified a vulnerability in strongSwan, an IKE/IPsec suite. The bug happens when cloning certain identities and can lead to a double-free, a daemon crash (leading to denial of service) and potentially remote code execution.
Upstream lists several mitigations:

- Servers that don't use EAP or XAuth authentication are not vulnerable to remote attacks.
- Servers that use EAP authentication but delegate it to a RADIUS server and don't request an EAP-Identity themselves are not vulnerable either. However, note that the eap-radius plugin parses Class and Filter-Id attributes as group identities if enabled, in which case a rogue RADIUS server is able to trigger the issue.
- Servers that use IKEv1 with XAuth are not vulnerable unless they use the xauth-eap plugin.

https://security-tracker.debian.org/tracker/DSA-6330-1

