strongSwan 4.6.4 Released (CVE-2012-2388)

strongSwan 4.6.4 fixes a security vulnerability which affects all versions since 4.2.0 if the gmp plugin is used for RSA signature verification.

RSA signature verification vulnerability

This release fixes a security vulnerability (CVE-2012-2388) which exists in all versions since 4.2.0 and up to 4.6.3. If the gmp plugin is used for RSA signature verification (the default on many platforms), an empty or zeroed signature is handled as a legitimate one. Both IKEv1 and IKEv2 are affected.

Exploiting this vulnerability requires a connection definition that uses RSA authentication. Given that, an attacker presenting a forged signature and/or certificate can authenticate as any legitimate user. Code injection is not possible through such an attack.

To fix this, please either update to 4.6.4 or apply the appropriate patch yourself. As a workaround, the openssl or gcrypt plugin may be used for RSA signature verification.

We were informed by CERT-FI about this vulnerability which was originally discovered by the Codenomicon CROSS project.

Other fixes

  • The behavior of the IKEv2 daemon charon during reauthentication and mobility has been improved in several corner cases, especially in situations where MOBIKE is disabled or not supported by the other peer.

Download it from here.