CVE-2022-40617 The strongSwan revocation plugin can be compromised when an attacker sends a crafted end-entity certificate that contains a CRL/OCSP URL pointing to a controlled server.
An attacker can exploit this by generating a signed certificate for an arbitrary host and then sending it to a victim via email or other means. The certificate's end-entity certificate is accepted by the system if the revocation-checking plugin is enabled. The server hosting the revocation-checking endpoint (under the attacker's control) responds with an excessive amount of data during the initial TCP handshake, causing the victim's system to consume a large amount of bandwidth and CPU time. This can be leveraged in a denial of service attack against a connected network.

This issue has been addressed by updating the revocation-checking plugin code to reject any certificate with a revoked end-entity certificate.

A patch for Red Hat Enterprise Linux 7 has been released for version 5.9.8-88.el7.x86_64. Red Hat Enterprise Linux 6 has been updated to version 5.9.8-89.el6_6.x86_64. Red Hat Enterprise Linux 5 has been updated to version 5.9.8-91.el5.x86_64. Red Hat Enterprise Linux 4 has been updated to version 5.9.8-92.el4.x86_64. Red Hat Enterprise Linux 3 has been updated to version 5.9.8-93.el3.x86_64. Red Hat Enterprise Linux 2 has been updated to version 5.9.8-99.el2.x86_64. Red Hat Enterprise Linux 5 (
Fixing the problem by updating the plugins
The bug can be fixed by updating the plugins.
Software Description
Red Hat Enterprise Linux is a distribution of Red Hat's operating system (OS) for servers. It is based on the Red Hat Enterprise Linux 5 kernel with modified device drivers and filesystem utilities that support the x86, x86-64, IA64, PowerPC, ARM and s390 architectures.
Important Notes:
An attacker could exploit this flaw to obtain sensitive information from an SSL session, such as user credentials, cache contents, and website contents stored on the victim's system, without the victim's knowledge or consent during TLS negotiation (especially over non-HTTPS connections).
This issue has been addressed by updating OpenSSL packages for Red Hat Enterprise Linux 7 for SRPMs 3a70d4cab2ff5b5e
Installation Notes
The following packages are required:
- libxml2-devel
- libxslt1-devel
- openssl-devel
- libpng12-devel
For Red Hat Enterprise Linux 5, the following packages are required:
- libxml2
- libxslt1
Timeline
Published on: 10/31/2022 06:15:00 UTC
Last modified on: 11/14/2022 15:15:00 UTC