CVE-2014-2338

Publication date 16 April 2014

Last updated 24 July 2024

Ubuntu priority

IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to bypass authentication by rekeying an IKE_SA during (1) initiation or (2) re-authentication, which triggers the IKE_SA state to be set to established.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
strongswan	17.04 zesty	Fixed 5.1.2-0ubuntu2
	16.10 yakkety	Fixed 5.1.2-0ubuntu2
	16.04 LTS xenial	Fixed 5.1.2-0ubuntu2
	15.10 wily	Fixed 5.1.2-0ubuntu2
	15.04 vivid	Fixed 5.1.2-0ubuntu2
	14.10 utopic	Fixed 5.1.2-0ubuntu2
	14.04 LTS trusty	Fixed 5.1.2-0ubuntu2
	13.10 saucy	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html
http://www.debian.org/security/2014/dsa-2903
https://www.cve.org/CVERecord?id=CVE-2014-2338