Bug 1635877 (CVE-2018-17540)

Summary: CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates
Product: [Other] Security Response
Reporter: Laura Pardo <lpardo>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: low
Priority: low
Version: unspecified
CC: avagarwa, code, mikhail.zabaluev, sspreitz
Keywords: Security
Hardware: All
OS: Linux
Last Closed: 2018-11-12 06:51:43 UTC
Bug Depends On: 1635878, 1635879
Bug Blocks: 1635880

Description Laura Pardo 2018-10-03 20:09:24 UTC
A flaw was found in Strongswan caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resulting in a crash of the daemon.


References:
https://packetstormsecurity.com/files/149640/dsa-4309-1.txt

Comment 1 Laura Pardo 2018-10-03 20:10:01 UTC
Created strongswan tracking bugs for this issue:

Affects: epel-all [bug 1635878]
Affects: fedora-all [bug 1635879]

Comment 2 Huzaifa S. Sidhpurwala 2018-11-12 06:50:00 UTC
This is a flaw, which is caused by the patch applied to fix CVE-2018-16151 in the gmp plugin. Strongswan in Red Hat Enterprise Linux 7 does not enable the gmp plugin.
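
The length arithmetic behind the kind of flaw the description names (an integer underflow when an RSA modulus is very small), as an added example that is not strongSwan's code and not part of this bug report. It assumes the EMSA-PKCS1-v1_5 layout from RFC 8017 section 9.2; the function names are hypothetical, and the 51-byte DigestInfo size in `main` is the SHA-256 case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 8017 section 9.2: EM = 0x00 || 0x01 || PS || 0x00 || T, where PS is
 * at least 8 bytes of 0xff and T is the DER-encoded DigestInfo. */
#define PKCS1_MIN_OVERHEAD 11 /* 3 framing bytes + 8 bytes of PS */

/* Unchecked arithmetic: size_t wraps to a huge value if em_len < t_len + 3. */
size_t ps_len_unchecked(size_t em_len, size_t t_len)
{
    return em_len - t_len - 3;
}

/* Checked arithmetic: 0 on success, -1 if the modulus cannot hold T. */
int ps_len_checked(size_t em_len, size_t t_len, size_t *ps_len)
{
    if (t_len > SIZE_MAX - PKCS1_MIN_OVERHEAD ||
        em_len < t_len + PKCS1_MIN_OVERHEAD)
        return -1; /* "intended encoded message length too short" */
    *ps_len = em_len - t_len - 3;
    return 0;
}

/* Build the expected EM into out (capacity em_len) for later comparison. */
int build_expected_em(uint8_t *out, size_t em_len,
                      const uint8_t *t, size_t t_len)
{
    size_t ps_len;
    if (ps_len_checked(em_len, t_len, &ps_len) != 0)
        return -1; /* reject before any write is sized from the length */
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xff, ps_len);
    out[2 + ps_len] = 0x00;
    memcpy(out + 3 + ps_len, t, t_len);
    return 0;
}

int main(void)
{
    size_t ps = 0;
    int rc = ps_len_checked(256, 51, &ps); /* 2048-bit modulus */
    printf("2048-bit: rc=%d ps_len=%zu\n", rc, ps);
    rc = ps_len_checked(32, 51, &ps);      /* constructed 256-bit modulus */
    printf("256-bit:  rc=%d (rejected)\n", rc);
    printf("unchecked 256-bit ps_len=%zu\n", ps_len_unchecked(32, 51));
    return 0;
}
```
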