[Git][security-tracker-team/security-tracker][master] add note + no-dsa for IKEv1 PSK brute-force
Yves-Alexis Perez
corsac at debian.org
Mon Aug 20 11:16:42 BST 2018
Yves-Alexis Perez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c6a6ebc by Yves-Alexis Perez at 2018-08-20T10:16:21Z
add note + no-dsa for IKEv1 PSK brute-force
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -27303,8 +27303,23 @@ CVE-2018-5390 (Linux kernel versions 4.9+ can be forced to make very expensive c
- linux 4.17.14-1 (bug #905751)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.kb.cert.org/vuls/id/962459
-CVE-2018-5389
- RESERVED
+CVE-2018-5389 [low-entropy passphrase in IKEv1 can be brute-forced]
+ RESERVED
+ NOTE: https://www.usenix.org/conference/usenixsecurity18/presentation/felsch
+ NOTE: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf
+ NOTE: https://www.usenix.org/sites/default/files/conference/protected-files/security18_slides_felsch.pdf
+ - strongswan <unfixed> (unimportant)
+ [stretch] - strongswan <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
+ [jessie] - strongswan <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
+ - libreswan <unfixed> (unimportant)
+ [stretch] - libreswan <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
+ [jessie] - libreswan <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
+ - ipsec-tools <unfixed> (unimportant)
+ [stretch] - ipsec-tools <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
+ [jessie] - ipsec-tools <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
+ - isakmpd <unfixed> (unimportant)
+ [stretch] - isakmpd <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
+ [jessie] - isakmpd <no-dsa> (vulnerability in IKEv1 protocol, not fixable in implementation; use strong passphrase or public-ley cryptography)
CVE-2018-5388 (In stroke_socket.c in strongSwan before 5.6.3, a missing packet length ...)
{DSA-4229-1}
- strongswan 5.6.3-1
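Review bot: The reason text in all eight added <no-dsa> lines (stretch and jessie for strongswan, libreswan, ipsec-tools and isakmpd) reads "public-ley cryptography", which should be "public-key cryptography". The same parenthetical is repeated verbatim for every package and release, so consider stating the rationale once in a NOTE: line under CVE-2018-5389 and keeping the per-release reasons short, which would also have confined this typo to one place. Each package is also marked both <unfixed> (unimportant) and <no-dsa> per release; it is worth confirming that both markings are intended rather than only one of them.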
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1c6a6ebc28b2408a7061e0bd106c3a790a5be293