FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

strongSwan -- ECDSA signature verification issue

Affected packages
strongswan < 5.0.4

Details

VuXML ID 6ff570cb-b418-11e2-b279-20cf30e32f6d
Discovery 2013-04-30
Entry 2013-05-03

strongSwan security team reports:

If the openssl plugin is used for ECDSA signature verification, an empty, zeroed or otherwise invalid signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected.

Affected are only installations that have enabled and loaded the OpenSSL crypto backend (--enable-openssl). Builds using the default crypto backends are not affected.

References

CVE Name CVE-2013-2944