Launchpad CVE tracker

CVE 2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses.

Related bugs and status

CVE-2015-4171 (Candidate) is related to these bugs:

Bug #1309594: kernel-libipsec not loading

Summary				In	Importance	Status
	1309594	kernel-libipsec not loading		strongswan (Ubuntu)	Medium	Fix Released
	1309594	kernel-libipsec not loading		strongswan (Ubuntu Trusty)	Undecided	Won't Fix

Bug #1330504: strongSwan 5.1.3

Summary				In	Importance	Status
	1330504	strongSwan 5.1.3		strongswan (Ubuntu)	High	Fix Released

Bug #1333655: strongSwan AppArmor profile does not allow user priv dropping

Summary				In	Importance	Status
	1333655	strongSwan AppArmor profile does not allow user priv dropping		strongswan (Ubuntu)	Wishlist	Fix Released

Bug #1448870: Certificate policies cause rejections

Summary				In	Importance	Status
	1448870	Certificate policies cause rejections		strongswan (Ubuntu)	Undecided	Fix Released

Bug #1451091: new upstream version 5.2.2

Summary				In	Importance	Status
	1451091	new upstream version 5.2.2		strongswan (Ubuntu)	Wishlist	Fix Released

Bug #1470277: strongswan apparmor profile doesn't permit xauth-pam

Summary				In	Importance	Status
	1470277	strongswan apparmor profile doesn't permit xauth-pam		strongswan (Ubuntu)	Undecided	Fix Released

Bug #1505222: strongSwan AppArmor prevents CRL caching

Summary				In	Importance	Status
	1505222	strongSwan AppArmor prevents CRL caching		strongswan (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-4171

References