CVSSv3: 7.5

CVE-2018-16152

Published: 26/09/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x prior to 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
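The defect described above is a parsing one: the verifier walked the DER DigestInfo and skipped over digestAlgorithm.parameters without requiring it to be the ASN.1 NULL that every PKCS#1 digest algorithm uses, so bytes placed in that field were never checked. The following is an added illustration, not strongSwan's code: it builds the SHA-256 EMSA-PKCS1-v1_5 encoding from RFC 8017, shows a lenient check that mirrors the skipped-parameters behaviour, and beside it the strict form that rebuilds the single acceptable encoded message and compares every byte (the comparison RFC 8017 section 8.2.2 specifies; whether strongSwan's 5.7.0 fix takes exactly this shape is not stated on this page). All inputs are constructed in the file.

```python
"""Strict vs lenient EMSA-PKCS1-v1_5 checking (SHA-256 variant).

Added illustration for the CVE summary above; not strongSwan's code.
All inputs are constructed here.
"""
import hashlib
import hmac

# DER pieces for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_OID = bytes.fromhex("608648016503040201")
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _der(tag, content):
    """Encode one DER TLV; short-form length suffices for the sizes used here."""
    if len(content) >= 128:
        raise ValueError("long-form lengths not needed in this example")
    return bytes([tag, len(content)]) + content


def build_digest_info(digest, params_tlv=b"\x05\x00"):
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, parameters }, OCTET STRING digest }.
    params_tlv defaults to ASN.1 NULL, the only value a verifier should accept."""
    alg_id = _der(0x30, _der(0x06, SHA256_OID) + params_tlv)
    return _der(0x30, alg_id + _der(0x04, digest))


def emsa_pkcs1_v15_encode(digest, em_len, params_tlv=b"\x05\x00"):
    """EM = 0x00 || 0x01 || PS (0xFF bytes, at least 8) || 0x00 || T (RFC 8017, 9.2)."""
    t = build_digest_info(digest, params_tlv)
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def strict_check(em, digest):
    """Hardened form: rebuild the one acceptable EM and compare it byte for byte."""
    try:
        expected = emsa_pkcs1_v15_encode(digest, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def _read_tlv(buf, pos):
    """Minimal DER reader: (tag, value_start, value_end) for the element at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form lengths not handled in this example")
    start = pos + 2
    return tag, start, start + length


def lenient_check(em, digest):
    """Lenient form mirroring the defect: the DigestInfo is walked structurally,
    but digestAlgorithm.parameters is skipped instead of being required to be NULL."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = em[i + 1:]
    try:
        tag, s, e = _read_tlv(t, 0)                 # DigestInfo SEQUENCE
        if tag != 0x30 or e != len(t):              # no trailing bytes after DigestInfo
            return False
        tag, s_alg, e_alg = _read_tlv(t, s)         # AlgorithmIdentifier SEQUENCE
        if tag != 0x30:
            return False
        tag, s_oid, e_oid = _read_tlv(t, s_alg)     # algorithm OID
        if tag != 0x06 or t[s_oid:e_oid] != SHA256_OID:
            return False
        # DEFECT: bytes between e_oid and e_alg (the parameters) are never inspected.
        tag, s_d, e_d = _read_tlv(t, e_alg)         # OCTET STRING holding the digest
        if tag != 0x04 or e_d != e:
            return False
        return t[s_d:e_d] == digest
    except (IndexError, ValueError):
        return False


if __name__ == "__main__":
    d = hashlib.sha256(b"constructed test message").digest()
    good = emsa_pkcs1_v15_encode(d, 256)
    # Constructed: 40 uninspected bytes in parameters instead of NULL
    bad = emsa_pkcs1_v15_encode(d, 256, _der(0x04, b"\xaa" * 40))
    print("good EM  strict:", strict_check(good, d), " lenient:", lenient_check(good, d))
    print("bad EM   strict:", strict_check(bad, d), " lenient:", lenient_check(bad, d))
```

The lenient checker accepts the second encoded message even though 40 bytes of it were never examined; the strict checker rejects it because the only encoding it will accept is the one it rebuilt itself. A verifier that compares rather than parses has no parameters field to get wrong.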

Vulnerable Products

strongswan strongswan

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

Vendor Advisories

Several security issues were fixed in strongSwan ...
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and during IKE authentication. While the gmp plugin does ...
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16152 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resultin ...
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are bei ...
The AlgorithmIdentifier structure on a PKCS#1 v1.5 signature contains an optional parameters field. While none of the algorithms used with PKCS#1 use parameters, i.e. the field should always be encoded as an ASN.1 NULL value, the strongSwan decoder doesn't enforce this and simply skips over the parameters. This allows an attacker to fill the field with r ...