CVE-2013-2944
First published: Thu May 02 2013(Updated: )
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| strongSwan | =4.3.5 | |
| strongSwan | =4.3.6 | |
| strongSwan | =4.3.7 | |
| strongSwan | =4.4.0 | |
| strongSwan | =4.4.1 | |
| strongSwan | =4.5.0 | |
| strongSwan | =4.5.1 | |
| strongSwan | =4.5.2 | |
| strongSwan | =4.5.3 | |
| strongSwan | =4.6.0 | |
| strongSwan | =4.6.1 | |
| strongSwan | =4.6.2 | |
| strongSwan | =4.6.3 | |
| strongSwan | =4.6.4 | |
| strongSwan | =5.0.0 | |
| strongSwan | =5.0.1 | |
| strongSwan | =5.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://download.strongswan.org/patches/10_openssl_ecdsa_signature_patch/strongswan-4.3.5-5.0.3_openssl_ecdsa_signature.patch
- http://lists.opensuse.org/opensuse-updates/2013-05/msg00014.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00010.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00121.html
- http://www.debian.org/security/2013/dsa-2665
- http://www.securityfocus.com/bid/59580
- http://www.strongswan.org/blog/2013/04/30/strongswan-5.0.4-released-(cve-2013-2944).html
Frequently Asked Questions
What is the severity of CVE-2013-2944?
The severity of CVE-2013-2944 is classified as high due to the potential for remote authentication bypass.
Who is affected by CVE-2013-2944?
CVE-2013-2944 affects strongSwan versions 4.3.5 through 5.0.3 when using the OpenSSL plugin for ECDSA signature verification.
How do I fix CVE-2013-2944?
To fix CVE-2013-2944, upgrade strongSwan to a version later than 5.0.3 that includes the relevant security patches.
What are the consequences of CVE-2013-2944?
The consequences of CVE-2013-2944 allow remote attackers to authenticate as other users, compromising user accounts.
Is CVE-2013-2944 exploitable in the wild?
Yes, CVE-2013-2944 may be exploitable in the wild if the affected versions of strongSwan are deployed without mitigation.
- agent/first-publish-date
- agent/type
- agent/last-modified-date
- agent/severity
- agent/description
- agent/weakness
- agent/remedy
- agent/references
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/strongswan
- canonical/strongswan
- version/strongswan/4.3.5
- version/strongswan/4.3.6
- version/strongswan/4.3.7
- version/strongswan/4.4.0
- version/strongswan/4.4.1
- version/strongswan/4.5.0
- version/strongswan/4.5.1
- version/strongswan/4.5.2
- version/strongswan/4.5.3
- version/strongswan/4.6.0
- version/strongswan/4.6.1
- version/strongswan/4.6.2
- version/strongswan/4.6.3
- version/strongswan/4.6.4
- version/strongswan/5.0.0
- version/strongswan/5.0.1
- version/strongswan/5.0.2