CVE-2018-15836 (retired)

Priority
Description
In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before
2.6.50.1, the RSA implementation does not verify the value of the padding
string during PKCS#1 v1.5 signature verification. Consequently, a remote
attacker can forge signatures when small public exponents are used.
IKEv2 signature verification is affected when RAW RSA keys are used.
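The padding check described above, as an added example (not Openswan's code and not part of the original tracker entry): a strict PKCS#1 v1.5 check that re-encodes the expected block and compares every byte, beside a simplified model of a verifier that never inspects the padding string. The function names, the SHA-256 digest and the sample values are assumptions; both functions take the encoded block as recovered after the RSA public-key operation.

```python
import hashlib
import hmac

# DER prefix of the DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message: bytes, em_len: int) -> bytes:
    """Build the expected encoded message: 00 01 FF..FF 00 DigestInfo || H."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def strict_check(em: bytes, message: bytes) -> bool:
    """Re-encode and compare every byte, so the padding string is covered."""
    try:
        expected = emsa_pkcs1_v15(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def lax_check(em: bytes, message: bytes) -> bool:
    """Model of the flaw: header and trailing digest checked, padding ignored."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if len(em) < len(t) + 11 or em[:2] != b"\x00\x01":
        return False
    # The padding bytes em[2:-len(t)-1] are never inspected here.
    return em[-len(t) - 1:] == b"\x00" + t

# Constructed sample: a well-formed block sized for a 2048-bit modulus, and a
# copy whose padding string holds bytes other than 0xFF.
MSG = b"constructed sample payload"
GOOD_EM = emsa_pkcs1_v15(MSG, 256)
BAD_PADDING_EM = GOOD_EM[:2] + b"\x00" * 8 + GOOD_EM[10:]

if __name__ == "__main__":
    for name, em in (("well-formed", GOOD_EM), ("bad padding", BAD_PADDING_EM)):
        print(f"{name}: strict={strict_check(em, MSG)} lax={lax_check(em, MSG)}")
```

Comparing against a freshly built block, rather than parsing the received one, leaves no field whose value goes unchecked.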
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
More Information

Updated: 2019-08-23 09:30:37 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)