CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs

Remotely exploitable, the integer underflow vulnerability impacts StrongSwan releases spanning 15 years. The post StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs appeared first on SecurityWeek.

VPN attack

A high-severity vulnerability in StrongSwan’s EAP-TTLS AVP parser could be exploited remotely, without authentication, to take VPN services offline.

An open source IPsec VPN solution that provides client and server encryption and authentication, StrongSwan supports Windows, Linux, macOS, Android, and other platforms, and is widely used across enterprise environments.

The software supports, among other authentication methods, Extensible Authentication Protocol-Tunneled Transport Layer Security (EAP-TTLS), which relies on Attribute-Value Pairs (AVPs) to pass authentication data through a TLS tunnel.

Last week, StrongSwan warned that all versions from 4.5.0 to 6.0.4 are affected by an integer underflow bug in the EAP-TTLS AVP parser that could be abused to crash the process by supplying crafted AVP data with invalid length fields.

“Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon,” a NIST advisory reads.

The issue exists because the parser does not check the AVP’s length value, which leads to a 32-bit integer underflow for length values between 0 and 7, StrongSwan explains.

While this leads to resource exhaustion if memory allocation succeeds, allocating large amounts of memory may fail, resulting in a null-pointer dereference and a segmentation fault, it says.

According to Bishop Fox, successful exploitation of the flaw requires a two-phase attack, where a malicious packet corrupts the heap and a second packet triggers the segmentation fault, crashing the daemon.

The cybersecurity firm discovered that the crash is triggered based on how the system handles the impossibly large allocation request. While in some cases NULL is immediately returned, in others the daemon crashes only when corrupted structures are used in a subsequent request.

The vulnerability was addressed in StrongSwan version 6.0.5, which adds the required validation of AVP length values during the parsing operation.

Related: Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

Related: TP-Link Patches High-Severity Router Vulnerabilities

Related: Cisco Patches Multiple Vulnerabilities in IOS Software

Related: iOS, macOS 26.4 Roll Out With Fresh Security Patches

Latest News

CYBERNEWSMEDIAPublisher