[Pkg-swan-devel] [strongswan] 01/01: Fix CVE-2015-8023

Yves-Alexis Perez corsac at moszumanska.debian.org
Mon Nov 16 13:15:31 UTC 2015 

This is an automated email from the git hooks/post-receive script.

corsac pushed a commit to branch squeeze-security
in repository strongswan.

commit bd93d3f3a1f36e0bcd5d91ed57603d0ac3d3336f
Author: Yves-Alexis Perez <corsac at debian.org>
Date:   Tue Nov 10 16:22:24 2015 +0100

    Fix CVE-2015-8023
    
    * Non-maintainer upload by the Security Team.
    * debian/patches:
      - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when
      using EAP MSCHAPv2.
---
 debian/changelog                                   |  9 ++++++
 .../patches/CVE-2015-8023_eap_mschapv2_state.patch | 35 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 45 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 645cdc4..ddd91a8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strongswan (4.4.1-5.8) UNRELEASED; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * debian/patches:
+    - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when
+    using EAP MSCHAPv2.
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Tue, 10 Nov 2015 16:21:48 +0100
+
 strongswan (4.4.1-5.7) squeeze-lts; urgency=high
 
   * Non-maintainer upload by the Security Team.
diff --git a/debian/patches/CVE-2015-8023_eap_mschapv2_state.patch b/debian/patches/CVE-2015-8023_eap_mschapv2_state.patch
new file mode 100644
index 0000000..64f1f4e
--- /dev/null
+++ b/debian/patches/CVE-2015-8023_eap_mschapv2_state.patch
@@ -0,0 +1,35 @@
+From 91762f11e223e33b82182150d7c4cf7c2ec3cefa Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Thu, 29 Oct 2015 11:18:27 +0100
+Subject: [PATCH] eap-mschapv2: Only succeed authentication if MSK was
+ established
+
+An MSK is only established if the client successfully authenticated
+itself and only then must we accept an MSCHAPV2_SUCCESS message.
+
+Fixes CVE-2015-8023
+---
+ src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+index f7f39f9841d2..931e3c41dde4 100644
+--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
++++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+@@ -1145,7 +1145,11 @@ METHOD(eap_method_t, process_server, status_t,
+ 		}
+ 		case MSCHAPV2_SUCCESS:
+ 		{
+-			return SUCCESS;
++			if (this->msk.ptr)
++			{
++				return SUCCESS;
++			}
++			break;
+ 		}
+ 		case MSCHAPV2_FAILURE:
+ 		{
+-- 
+1.9.1
+
+
\ No newline at end of file
diff --git a/debian/patches/series b/debian/patches/series
index d84c169..461cab6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@ CVE-2013-6075.patch
 CVE-2014-2338-4.x.patch
 CVE-2014-2891.patch
 CVE-2015-4171_enforce_remote_auth.patch
+CVE-2015-8023_eap_mschapv2_state.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git

More information about the Pkg-swan-devel mailing list