diff options
| -rw-r--r-- | debian/changelog | 9 | ||||
| -rw-r--r-- | debian/patches/CVE-2015-8023_eap_mschapv2_state.patch | 35 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 45 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index abd1c0c95..357528475 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +strongswan (5.3.3-3) UNRELEASED; urgency=high + + * Set urgency=high for security fix. + * debian/patches: + - CVE-2015-8023_eap_mschapv2_state added, fix authentication bypass when + using EAP MSCHAPv2. + + -- Yves-Alexis Perez <corsac@debian.org> Mon, 16 Nov 2015 12:32:58 +0100 + strongswan (5.3.3-2) unstable; urgency=medium * debian/rules: diff --git a/debian/patches/CVE-2015-8023_eap_mschapv2_state.patch b/debian/patches/CVE-2015-8023_eap_mschapv2_state.patch new file mode 100644 index 000000000..0ee759ce4 --- /dev/null +++ b/debian/patches/CVE-2015-8023_eap_mschapv2_state.patch @@ -0,0 +1,35 @@ +From 91762f11e223e33b82182150d7c4cf7c2ec3cefa Mon Sep 17 00:00:00 2001 +From: Tobias Brunner <tobias@strongswan.org> +Date: Thu, 29 Oct 2015 11:18:27 +0100 +Subject: [PATCH] eap-mschapv2: Only succeed authentication if MSK was + established + +An MSK is only established if the client successfully authenticated +itself and only then must we accept an MSCHAPV2_SUCCESS message. + +Fixes CVE-2015-8023 +--- + src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +index f7f39f9841d2..931e3c41dde4 100644 +--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c ++++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +@@ -1145,7 +1145,11 @@ METHOD(eap_method_t, process_server, status_t, + } + case MSCHAPV2_SUCCESS: + { +- return SUCCESS; ++ if (this->msk.ptr) ++ { ++ return SUCCESS; ++ } ++ break; + } + case MSCHAPV2_FAILURE: + { +-- +1.9.1 + +
diff --git a/debian/patches/series b/debian/patches/series index 791c61c82..aec9df656 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ 04_disable-libtls-tests.patch 0001-socket-default-Refactor-setting-source-address-when-.patch 0001-socket-dynamic-Refactor-setting-source-address-when-.patch +CVE-2015-8023_eap_mschapv2_state.patch |