CVE-2012-2388

Published: Jun 27, 2012Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."

Affected (34)

Products: Strongswan: Strongswan

1 product

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Strongswan Strongswan	Version 4.2.0
Strongswan Strongswan	Version 4.2.10
Strongswan Strongswan	Version 4.2.11
Strongswan Strongswan	Version 4.2.12
Strongswan Strongswan	Version 4.2.13
Strongswan Strongswan	Version 4.2.14
Strongswan Strongswan	Version 4.2.15
Strongswan Strongswan	Version 4.2.16
Strongswan Strongswan	Version 4.2.1
Strongswan Strongswan	Version 4.2.2
Strongswan Strongswan	Version 4.2.3
Strongswan Strongswan	Version 4.2.4
Strongswan Strongswan	Version 4.2.5
Strongswan Strongswan	Version 4.2.6
Strongswan Strongswan	Version 4.2.7
Strongswan Strongswan	Version 4.2.8
Strongswan Strongswan	Version 4.2.9
Strongswan Strongswan	Version 4.3.0
Strongswan Strongswan	Version 4.3.1
Strongswan Strongswan	Version 4.3.2
Strongswan Strongswan	Version 4.3.3
Strongswan Strongswan	Version 4.3.4
Strongswan Strongswan	Version 4.3.5
Strongswan Strongswan	Version 4.3.6
Strongswan Strongswan	Version 4.4.0
Strongswan Strongswan	Version 4.4.1
Strongswan Strongswan	Version 4.5.0
Strongswan Strongswan	Version 4.5.1
Strongswan Strongswan	Version 4.5.2
Strongswan Strongswan	Version 4.5.3
Strongswan Strongswan	Version 4.6.0
Strongswan Strongswan	Version 4.6.1
Strongswan Strongswan	Version 4.6.2
Strongswan Strongswan	Version 4.6.3

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html

Source: secalert@redhat.com

http://osvdb.org/82587

Source: secalert@redhat.com

http://secunia.com/advisories/49315

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/49336

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/49370

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/55051

Source: secalert@redhat.com

http://www.debian.org/security/2012/dsa-2483

Source: secalert@redhat.com

http://www.securityfocus.com/bid/53752

Source: secalert@redhat.com

http://www.securitytracker.com/id?1027110

Source: secalert@redhat.com

http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html

Source: secalert@redhat.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/76013

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/82587

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/49315

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/49336

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/49370

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/55051

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2483

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/53752

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1027110

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.strongswan.org/blog/2012/05/31/strongswan-4.6.4-released-%28cve-2012-2388%29.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/76013

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.