Posted on

VU#338343: strongSwan VPN charon server vulnerable to buffer underflow

CWE-124: Buffer Underwrite (‘Buffer Underflow’) – CVE-2018-5388 In stroke_socket.c, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket. According to the vendor, an attacker must typically have local root permissions to access the socket. However, other accounts and groups such as the vpn group (if capability dropping in enabled, for example) may also have sufficient permissions, but this configuration does not appear to be the default behavior.

Leave a Reply

Your email address will not be published. Required fields are marked *