Posted on Apr 30, 2013 by tobias

strongSwan 5.0.4 fixes a security vulnerability which affects all versions since 4.3.5 if the openssl plugin is used for ECDSA signature verification.

ECDSA signature verification vulnerability

This release fixes a security vulnerability (CVE-2013-2944) which exists in all versions since 4.3.5 and up to 5.0.3. If the openssl plugin is used for ECDSA signature verification an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected.

Affected are only installations that have enabled and loaded the OpenSSL crypto backend (--enable-openssl). Builds using the default crypto backends are not affected.

While this new ECDSA vulnerability is very similar to the RSA signature vulnerability CVE-2012-2388, it is not directly related.

A connection definition using ECDSA authentication is required to exploit this vulnerability. Given that, an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user. Injecting code is not possible by such an attack.

To fix this issue please either update to 5.0.4 or apply the appropriate patch yourself.

This vulnerability was discovered by Kevin Wojtysiak, a Security Consultant who is co-founder of int3solutions. We want to express our thanks to Kevin for notifying us in advance about this critical security issue.

Download it from here.