csaf_suse - suse-su-2015:1196-1

SUSE-SU-2015:1196-1

Vulnerability from csaf_suse - Published: 2015-06-08 08:04 - Updated: 2015-06-08 08:04

Summary

Security update for strongswan

Notes

Title of the patch

Security update for strongswan

Description of the patch

Strongswan was updated to fix one security issue. The following vulnerability was fixed: * CVE-2015-4171: Rogue servers were able to authenticate themselves with certificate issued by any CA the client trusts, to gain user credentials from a client in certain IKEv2 setups (bsc#933591)

Patchnames

SUSE-SLE-DESKTOP-12-2015-297,SUSE-SLE-SERVER-12-2015-297

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for strongswan",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "Strongswan was updated to fix one security issue.\n\nThe following vulnerability was fixed:\n\n* CVE-2015-4171: Rogue servers were able to authenticate themselves with certificate issued by any CA the client trusts, to gain user credentials from a client in certain IKEv2 setups (bsc#933591)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-DESKTOP-12-2015-297,SUSE-SLE-SERVER-12-2015-297",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1196-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2015:1196-1",
        "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151196-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2015:1196-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2015-July/001483.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 933591",
        "url": "https://bugzilla.suse.com/933591"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-4171 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-4171/"
      }
    ],
    "title": "Security update for strongswan",
    "tracking": {
      "current_release_date": "2015-06-08T08:04:58Z",
      "generator": {
        "date": "2015-06-08T08:04:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2015:1196-1",
      "initial_release_date": "2015-06-08T08:04:58Z",
      "revision_history": [
        {
          "date": "2015-06-08T08:04:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "strongswan-doc-5.1.3-18.1.noarch",
                "product": {
                  "name": "strongswan-doc-5.1.3-18.1.noarch",
                  "product_id": "strongswan-doc-5.1.3-18.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "strongswan-5.1.3-18.1.ppc64le",
                "product": {
                  "name": "strongswan-5.1.3-18.1.ppc64le",
                  "product_id": "strongswan-5.1.3-18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-hmac-5.1.3-18.1.ppc64le",
                "product": {
                  "name": "strongswan-hmac-5.1.3-18.1.ppc64le",
                  "product_id": "strongswan-hmac-5.1.3-18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-ipsec-5.1.3-18.1.ppc64le",
                "product": {
                  "name": "strongswan-ipsec-5.1.3-18.1.ppc64le",
                  "product_id": "strongswan-ipsec-5.1.3-18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-libs0-5.1.3-18.1.ppc64le",
                "product": {
                  "name": "strongswan-libs0-5.1.3-18.1.ppc64le",
                  "product_id": "strongswan-libs0-5.1.3-18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "strongswan-5.1.3-18.1.s390x",
                "product": {
                  "name": "strongswan-5.1.3-18.1.s390x",
                  "product_id": "strongswan-5.1.3-18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-hmac-5.1.3-18.1.s390x",
                "product": {
                  "name": "strongswan-hmac-5.1.3-18.1.s390x",
                  "product_id": "strongswan-hmac-5.1.3-18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-ipsec-5.1.3-18.1.s390x",
                "product": {
                  "name": "strongswan-ipsec-5.1.3-18.1.s390x",
                  "product_id": "strongswan-ipsec-5.1.3-18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-libs0-5.1.3-18.1.s390x",
                "product": {
                  "name": "strongswan-libs0-5.1.3-18.1.s390x",
                  "product_id": "strongswan-libs0-5.1.3-18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "strongswan-5.1.3-18.1.x86_64",
                "product": {
                  "name": "strongswan-5.1.3-18.1.x86_64",
                  "product_id": "strongswan-5.1.3-18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-ipsec-5.1.3-18.1.x86_64",
                "product": {
                  "name": "strongswan-ipsec-5.1.3-18.1.x86_64",
                  "product_id": "strongswan-ipsec-5.1.3-18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-libs0-5.1.3-18.1.x86_64",
                "product": {
                  "name": "strongswan-libs0-5.1.3-18.1.x86_64",
                  "product_id": "strongswan-libs0-5.1.3-18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "strongswan-hmac-5.1.3-18.1.x86_64",
                "product": {
                  "name": "strongswan-hmac-5.1.3-18.1.x86_64",
                  "product_id": "strongswan-hmac-5.1.3-18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Desktop 12",
                "product": {
                  "name": "SUSE Linux Enterprise Desktop 12",
                  "product_id": "SUSE Linux Enterprise Desktop 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sled:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12",
                  "product_id": "SUSE Linux Enterprise Server 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:strongswan-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-doc-5.1.3-18.1.noarch as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:strongswan-doc-5.1.3-18.1.noarch"
        },
        "product_reference": "strongswan-doc-5.1.3-18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-ipsec-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:strongswan-ipsec-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-ipsec-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-libs0-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Desktop 12",
          "product_id": "SUSE Linux Enterprise Desktop 12:strongswan-libs0-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-libs0-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-doc-5.1.3-18.1.noarch as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-doc-5.1.3-18.1.noarch"
        },
        "product_reference": "strongswan-doc-5.1.3-18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-hmac-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-hmac-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-hmac-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-hmac-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-hmac-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-hmac-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-ipsec-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-ipsec-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-ipsec-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-ipsec-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-ipsec-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-ipsec-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-libs0-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-libs0-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-libs0-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-libs0-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-libs0-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server 12",
          "product_id": "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-libs0-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-doc-5.1.3-18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-doc-5.1.3-18.1.noarch"
        },
        "product_reference": "strongswan-doc-5.1.3-18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-hmac-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-hmac-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-hmac-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-hmac-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-hmac-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-hmac-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-ipsec-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-ipsec-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-ipsec-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-ipsec-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-ipsec-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-ipsec-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-libs0-5.1.3-18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.ppc64le"
        },
        "product_reference": "strongswan-libs0-5.1.3-18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-libs0-5.1.3-18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.s390x"
        },
        "product_reference": "strongswan-libs0-5.1.3-18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "strongswan-libs0-5.1.3-18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.x86_64"
        },
        "product_reference": "strongswan-libs0-5.1.3-18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-4171",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-4171"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Desktop 12:strongswan-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:strongswan-doc-5.1.3-18.1.noarch",
          "SUSE Linux Enterprise Desktop 12:strongswan-ipsec-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Desktop 12:strongswan-libs0-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server 12:strongswan-doc-5.1.3-18.1.noarch",
          "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-doc-5.1.3-18.1.noarch",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-4171",
          "url": "https://www.suse.com/security/cve/CVE-2015-4171"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931845 for CVE-2015-4171",
          "url": "https://bugzilla.suse.com/931845"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 933591 for CVE-2015-4171",
          "url": "https://bugzilla.suse.com/933591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Desktop 12:strongswan-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:strongswan-doc-5.1.3-18.1.noarch",
            "SUSE Linux Enterprise Desktop 12:strongswan-ipsec-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Desktop 12:strongswan-libs0-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server 12:strongswan-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:strongswan-doc-5.1.3-18.1.noarch",
            "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server 12:strongswan-hmac-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server 12:strongswan-ipsec-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server 12:strongswan-libs0-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-doc-5.1.3-18.1.noarch",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-hmac-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-ipsec-5.1.3-18.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12:strongswan-libs0-5.1.3-18.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-06-08T08:04:58Z",
          "details": "low"
        }
      ],
      "title": "CVE-2015-4171"
    }
  ]
}

CVE-2015-4171 (GCVE-0-2015-4171)

Vulnerability from cvelistv5 – Published: 2015-06-10 18:00 – Updated: 2024-08-06 06:04

Summary

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securitytracker.com/id/1032514	vdb-entryx_refsource_SECTRACK
	https://www.strongswan.org/blog/2015/06/08/strong…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2015/06/08/4	mailing-listx_refsource_MLIST
	https://www.suse.com/security/cve/CVE-2015-4171.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/05/29/6	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/05/29/7	mailing-listx_refsource_MLIST
	https://play.google.com/store/apps/details?id=org…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2628-1	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2015/dsa-3282	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/74933	vdb-entryx_refsource_BID
	https://bugzilla.suse.com/show_bug.cgi?id=933591	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:04:03.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032514",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032514"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
          },
          {
            "name": "openSUSE-SU-2015:1082",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
          },
          {
            "name": "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
          },
          {
            "name": "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
          },
          {
            "name": "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
          },
          {
            "name": "USN-2628-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2628-1"
          },
          {
            "name": "DSA-3282",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3282"
          },
          {
            "name": "74933",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74933"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-07T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1032514",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032514"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
        },
        {
          "name": "openSUSE-SU-2015:1082",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
        },
        {
          "name": "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
        },
        {
          "name": "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
        },
        {
          "name": "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
        },
        {
          "name": "USN-2628-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2628-1"
        },
        {
          "name": "DSA-3282",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3282"
        },
        {
          "name": "74933",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74933"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4171",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032514",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032514"
            },
            {
              "name": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html",
              "refsource": "CONFIRM",
              "url": "https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-%2528cve-2015-4171%2529.html"
            },
            {
              "name": "openSUSE-SU-2015:1082",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00040.html"
            },
            {
              "name": "[oss-security] 20150608 Re: StrongSwan VPN client for Android leaks username to rouge server",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/06/08/4"
            },
            {
              "name": "https://www.suse.com/security/cve/CVE-2015-4171.html",
              "refsource": "CONFIRM",
              "url": "https://www.suse.com/security/cve/CVE-2015-4171.html"
            },
            {
              "name": "[oss-security] 20150529 StrongSwan VPN client for Android leaks username to rouge server",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/05/29/6"
            },
            {
              "name": "[oss-security] 20150529 Re: StrongSwan VPN client for Android leaks username to rouge server",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/05/29/7"
            },
            {
              "name": "https://play.google.com/store/apps/details?id=org.strongswan.android",
              "refsource": "CONFIRM",
              "url": "https://play.google.com/store/apps/details?id=org.strongswan.android"
            },
            {
              "name": "USN-2628-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2628-1"
            },
            {
              "name": "DSA-3282",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3282"
            },
            {
              "name": "74933",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74933"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=933591",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=933591"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4171",
    "datePublished": "2015-06-10T18:00:00",
    "dateReserved": "2015-06-02T00:00:00",
    "dateUpdated": "2024-08-06T06:04:03.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2015:1196-1

CVE-2015-4171 (GCVE-0-2015-4171)

Tags

Sightings

Nomenclature