PublicDateAtUSN: 2015-11-16 12:00:00
Candidate: CVE-2015-8023
CRD: 2015-11-16 12:00:00
PublicDate: 2015-11-18 16:59:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8023
 https://www.strongswan.org/blog/2015/11/16/strongswan-5.3.4-released.html
 https://ubuntu.com/security/notices/USN-2811-1
Description:
 The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2
 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly
 validate local state, which allows remote attackers to bypass
 authentication via an empty Success message in response to an initial
 Challenge message.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_strongswan:
upstream_strongswan: released (5.3.4)
precise_strongswan: ignored (reached end-of-life)
precise/esm_strongswan: DNE (precise was needed)
trusty_strongswan: released (5.1.2-0ubuntu2.4)
trusty/esm_strongswan: released (5.1.2-0ubuntu2.4)
vivid_strongswan: released (5.1.2-0ubuntu5.3)
vivid/stable-phone-overlay_strongswan: DNE
vivid/ubuntu-core_strongswan: DNE
wily_strongswan: released (5.1.2-0ubuntu6.2)
xenial_strongswan: released (5.1.2-0ubuntu7)
esm-infra/xenial_strongswan: released (5.1.2-0ubuntu7)
yakkety_strongswan: released (5.1.2-0ubuntu7)
zesty_strongswan: released (5.1.2-0ubuntu7)
devel_strongswan: released (5.1.2-0ubuntu7)