CVE-2018-16152

CVE-2018-16152

Name

CVE-2018-16152

Description

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Mitigation	https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
Third Party Advisory	https://www.debian.org/security/2018/dsa-4305
Third Party Advisory	https://usn.ubuntu.com/3771-1/
Mailing List	https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html
Third Party Advisory	https://security.gentoo.org/glsa/201811-16
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html
cve@mitre.org	https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html

Type

URI

Mitigation

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html

Third Party Advisory

https://www.debian.org/security/2018/dsa-4305

Third Party Advisory

https://usn.ubuntu.com/3771-1/

Mailing List

https://lists.debian.org/debian-lts-announce/2018/09/msg00032.html

Third Party Advisory

https://security.gentoo.org/glsa/201811-16

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html

cve@mitre.org

https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:strongswan:strongswan::::::::`	strongswan	>= 5.0.0	< 5.7.0
`cpe:2.3:a:strongswan:strongswan::::::::`	strongswan	>= 4.0.0	<= 4.6.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*

strongswan

>= 5.0.0

< 5.7.0

cpe:2.3:a:strongswan:strongswan:*:*:*:*:*:*:*:*

strongswan

>= 4.0.0

<= 4.6.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
strongswan	edge-main	5.7.0-r0	None	fixed
strongswan	edge-main	5.6.3-r0	None	possibly vulnerable
strongswan	edge-main	5.5.3-r0	None	possibly vulnerable
strongswan	3.22-main	5.7.0-r0	None	fixed
strongswan	3.22-main	5.6.3-r0	None	possibly vulnerable
strongswan	3.22-main	5.5.3-r0	None	possibly vulnerable
strongswan	3.21-main	5.7.0-r0	None	fixed
strongswan	3.21-main	5.6.3-r0	None	possibly vulnerable
strongswan	3.21-main	5.5.3-r0	None	possibly vulnerable
strongswan	3.20-main	5.7.0-r0	None	fixed
strongswan	3.20-main	5.6.3-r0	None	possibly vulnerable
strongswan	3.20-main	5.5.3-r0	None	possibly vulnerable
strongswan	3.19-main	5.7.0-r0	None	fixed
strongswan	3.19-main	5.6.3-r0	None	possibly vulnerable
strongswan	3.19-main	5.5.3-r0	None	possibly vulnerable
strongswan	3.18-main	5.7.0-r0	None	fixed
strongswan	3.17-main	5.7.0-r0	None	fixed
strongswan	3.12-main	5.7.0-r0	None	fixed
strongswan	3.11-main	5.7.0-r0	None	fixed
strongswan	3.10-main	5.7.0-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages