| Short Name | IKE:STRONGSWAN-CERTIFICATE-BO |
|---|---|
| Severity | High |
| Recommended | No |
| Recommended Action | Drop |
| Category | IKE |
| Keywords | strongSwan Certificate and Identification Payload Parsing Buffer Overflow |
| Release Date | 2013/01/08 |
| Update Number | 2223 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

A code execution vulnerability exists in strongSwan. The vulnerability is due to improper use of snprintf() when parsing certificates and Identification payloads. Remote attackers could exploit this vulnerability via a specially crafted certificate or Identification payload. Successful exploitation would allow injection and execution of arbitrary code in the context of the root user. Unsuccessful code injection attempts would terminate the pluto IKE daemon, resulting in a denial-of-service condition.

The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.
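
The unchecked snprintf() return value described above, shown next to a checked form. This is an added example, not strongSwan code: the function names, buffer sizes and input strings are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked pattern, arithmetic only (no out-of-bounds write happens here):
 * snprintf returns the length the full output needed, so after a truncated
 * call pos exceeds the buffer size and the size_t "space left" wraps. */
size_t unchecked_space_left(const char *value)
{
    char buf[8];
    size_t pos = 0;
    pos += (size_t)snprintf(buf, sizeof(buf), "%s", value);
    return sizeof(buf) - pos;   /* huge when value needs 8 bytes or more */
}

/* Hypothetical helper: append at *pos, fail closed on error or truncation. */
static int safe_append(char *buf, size_t len, size_t *pos, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*pos >= len)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *pos, len - *pos, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= len - *pos) {
        *pos = len;             /* mark full so later appends are refused */
        return -1;
    }
    *pos += (size_t)n;
    return 0;
}

/* Joins constructed type/value pairs as "T=V, T=V"; returns length or -1. */
int format_pairs(char *buf, size_t len, const char *const *types,
                 const char *const *values, size_t count)
{
    size_t pos = 0;

    if (len == 0)
        return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < count; i++)
        if (safe_append(buf, len, &pos, "%s%s=%s", i ? ", " : "",
                        types[i], values[i]) != 0)
            return -1;
    return (int)pos;
}
```

The checked form treats truncation as a parse failure, so the caller rejects the oversized certificate or identity field rather than continuing with a stale write position.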