PublicDateAtUSN: 2018-09-24 12:00:00 UTC
Candidate: CVE-2018-16152
CRD: 2018-09-24 12:00:00 UTC
PublicDate: 2018-09-26 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16152
 https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
 https://ubuntu.com/security/notices/USN-3771-1
Description:
 In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in
 strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does
 not reject excess data in the digestAlgorithm.parameters field during PKCS#1
 v1.5 signature verification. Consequently, a remote attacker can forge
 signatures when small public exponents are being used, which could lead to
 impersonation when only an RSA signature is used for IKEv2 authentication.
 This is a variant of CVE-2006-4790 and CVE-2014-1568.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Sze Yiu Chau
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_strongswan:
upstream_strongswan: needs-triage
precise/esm_strongswan: DNE
trusty_strongswan: released (5.1.2-0ubuntu2.10)
trusty/esm_strongswan: released (5.1.2-0ubuntu2.10)
xenial_strongswan: released (5.3.5-1ubuntu3.7)
esm-infra/xenial_strongswan: released (5.3.5-1ubuntu3.7)
bionic_strongswan: released (5.6.2-1ubuntu2.2)
devel_strongswan: released (5.6.3-1ubuntu3)