Bug 1635873 (CVE-2018-16151) - CVE-2018-16151 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
Summary: CVE-2018-16151 strongswan: authentication bypass in verify_emsa_pkcs1_signatu...
Alias: CVE-2018-16151
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 1635874 1635875
Blocks: 1635880
TreeView+ depends on / blocked
Reported: 2018-10-03 19:55 UTC by Laura Pardo
Modified: 2019-09-29 14:59 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-11-12 06:51:33 UTC

Attachments (Terms of Use)

Description Laura Pardo 2018-10-03 19:55:14 UTC
A flaw was found in strongSwan 4.x and 5.x before 5.7.0. In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. 


Comment 1 Laura Pardo 2018-10-03 19:56:09 UTC
Created strongswan tracking bugs for this issue:

Affects: epel-all [bug 1635874]
Affects: fedora-all [bug 1635875]

Comment 2 Huzaifa S. Sidhpurwala 2018-11-12 06:46:59 UTC
Strongswan in Red Hat Enterprise Linux does not enable the gmp plugin. Therefore this flaw does not affect Red Hat Enterprise Linux 7 build of strongswan.

Note You need to log in before you can comment on or make changes to this bug.