Subject: [ASA-201805-26] strongswan: denial of service Arch Linux Security Advisory ASA-201805-26 ========================================== Severity: Low Date : 2018-05-26 CVE-ID : CVE-2018-5388 Package : strongswan Type : denial of service Remote : No Link : https://security.archlinux.org/AVG-710 Summary ======= The package strongswan before version 5.6.2-2 is vulnerable to denial of service. Resolution ========== Upgrade to 5.6.2-2. # pacman -Syu "strongswan>=5.6.2-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== strongSwan VPN's charon server prior to version 5.6.3 is missing a packet length check in stroke_socket.c, allowing a buffer overflow which may lead to resource exhaustion and denial of service while reading from the socket. According to the vendor, an attacker must typically have local root permissions to access the socket. However, other accounts and groups such as the vpn group (if capability dropping in enabled, for example) may also have sufficient permissions, but this configuration does not appear to be the default behavior. Impact ====== A local attacker with access to the VPN socket is able to crash the service. References ========== https://bugs.archlinux.org/task/58719 https://www.kb.cert.org/vuls/id/338343 https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4 https://security.archlinux.org/CVE-2018-5388