mystified Posted September 23, 2004

Package name: super-freeswan
Date: September 20th, 2004
Advisory ID: MDKSA-2004:070-1
Affected versions: 10.0
Synopsis: Updated freeswan and super-freeswan packages fix certificate chain authentication vulnerability

Problem Description

Thomas Walpuski discovered a vulnerability in the X.509 handling of super-freeswan, openswan, strongSwan, and FreeS/WAN with the X.509 patch applied. This vulnerability allows an attacker to make up their own Certificate Authority that can allow them to impersonate the identity of a valid DN. As well, another hole exists in the CA checking code that could create an endless loop in certain instances.

Mandrakesoft encourages all users who use FreeS/WAN or super-freeswan to upgrade to the updated packages which are patched to correct these flaws.

Update: Due to a build error, the super-freeswan packages did not include the pluto program. The updated packages fix this error.

Updated Packages

Mandrakelinux 10.0
fa37ec26d95abe88531f412b19fd4312 10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.i586.rpm
2a82a0cb9c3f47d658f40a36aad8cd04 10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.i586.rpm
4cc876821005905818c2f2aa590601c2 10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64
0125ca974282b60d0cbfe5661523a44c amd64/10.0/RPMS/super-freeswan-1.99.8-8.2.100mdk.amd64.rpm
398996877b35d0b04130d35d939b9372 amd64/10.0/RPMS/super-freeswan-doc-1.99.8-8.2.100mdk.amd64.rpm
4cc876821005905818c2f2aa590601c2 amd64/10.0/SRPMS/super-freeswan-1.99.8-8.2.100mdk.src.rpm

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0590
http://lists.openswan.org/pipermail/dev/20...une/000369.html
http://www.openswan.org/support/vuln/can-2004-0590/

Upgrade
To upgrade automatically, use MandrakeUpdate.

Verification
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

rpm --checksig package.rpm

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM. If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
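The two flaws the advisory describes (a home-made CA accepted for a matching DN, and an endless loop in the CA check) both come down to how a certificate chain is walked. Below is an added example, not code from the advisory or from FreeS/WAN, of a chain check that only accepts a leaf when every issuer link is signature-verified and the walk ends at an explicitly trusted root within a bounded number of hops; it uses the Python cryptography library and constructed test certificates with CN-only names.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_key():
    return ec.generate_private_key(ec.SECP256R1())

def make_cert(subject_cn, issuer_cn, subject_key, issuer_key, is_ca):
    """Constructed test certificate: CN-only names, one-day validity, signed by issuer_key."""
    name = lambda cn: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(name(subject_cn)).issuer_name(name(issuer_cn))
               .public_key(subject_key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
               .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    return builder.sign(issuer_key, hashes.SHA256())

def signed_by(cert, issuer):
    """True only if `issuer` is marked as a CA and its key verifies `cert`'s signature.
    A name match alone is never enough: the issuer's key has to check out."""
    try:
        if not issuer.extensions.get_extension_for_class(x509.BasicConstraints).value.ca:
            return False
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except (InvalidSignature, x509.ExtensionNotFound):
        return False

def verify_chain(leaf, intermediates, trusted_roots, max_depth=8):
    """Accept `leaf` only if verified issuer links reach a root in trusted_roots.
    An attacker-made CA is never in trusted_roots, so whatever DN it issues is rejected;
    the hop bound means an issuer cycle among supplied CAs ends in rejection, not a hang."""
    by_subject = {c.subject: c for c in intermediates}
    trusted = {r.subject: r for r in trusted_roots}
    current = leaf
    for _ in range(max_depth):
        if current.issuer in trusted:
            return signed_by(current, trusted[current.issuer])
        issuer = by_subject.get(current.issuer)
        if issuer is None or not signed_by(current, issuer):
            return False
        current = issuer
    return False
```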