Arch Linux
Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download
issues
advisories
todo
stats
log
login
ASA-201809-4 - log
back
ASA-201809-4
created
at 25 Sep 2019 19:32:14
Workaround
+
If the gmp plugin is loaded, make sure that none of the employed keys
+
and certificates (including those of CAs) use keys with e = 3.
+
Strongswan's tool to generate keys (pki --gen) always used e = 65537
+
(0x10001), which is not vulnerable, so certificates and keys generated
+
with this tool are fine for use even with an unpatched gmp plugin.
Impact
+
An attacker is able to use non-validated fields on a maliciously- crafted file to forge a signature or a CA certificate.