Bug 1222815 (CVE-2015-3991) - CVE-2015-3991 strongswan: incorrect payload processing for different IKE versions
Summary: CVE-2015-3991 strongswan: incorrect payload processing for different IKE vers...
Status: CLOSED WONTFIX
Alias: CVE-2015-3991
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20150601,repo...
Keywords: Security
Depends On: 1228819 1228820 1228821
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-05-19 08:49 UTC by Martin Prpič
Modified: 2019-06-08 20:35 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2015-06-05 20:22:27 UTC


Attachments (Terms of Use)
strongswan-5.2.2-5.3.0_unknown_payload.patch (5.87 KB, text/plain)
2015-05-19 08:52 UTC, Martin Prpič
no flags Details

Description Martin Prpič 2015-05-19 08:49:54 UTC
A flaw was found in the strongSwan payload handling code. This flaw can be triggered by an IKEv1 or IKEv2 message that contains payloads that are only defined for the respective other IKE version. For instance, sending an IKEv1 Main Mode message containing a payload with type 41 (IKEv2 Notify) will crash the daemon or, potentially allow for remote code execution, when a short summary of the contents of the message is logged ("parsed ID_PROT request 0 [ ... ]").

Comment 1 Martin Prpič 2015-05-19 08:52:12 UTC
Created attachment 1027039 [details]
strongswan-5.2.2-5.3.0_unknown_payload.patch

Comment 3 Kurt Seifried 2015-06-05 20:21:50 UTC
Created strongswan tracking bugs for this issue:

Affects: fedora-all [bug 1228819]
Affects: epel-6 [bug 1228820]
Affects: epel-7 [bug 1228821]

Comment 4 Kurt Seifried 2015-06-05 20:22:27 UTC
Closing as this doesn't affect RHEL.


Note You need to log in before you can comment on or make changes to this bug.