strongSwan, ngwugwu VPN dabere na IPSec ejiri na Linux, gam akporo, FreeBSD, na macOS, nwere adịghị ike (CVE-2023-41913) nke onye mwakpo nwere ike iji mee ihe maka mkpochapụ koodu dịpụrụ adịpụ. Ọdịmma ahụ bụ n'ihi ahụhụ na usoro charon-tkm yana mmejuputa TKMv2 (Trusted Key Manager) nke usoro igodo Exchange (IKE), na-ebute oke nchekwa mgbe ị na-ahazi ụkpụrụ atụmatụ DH (Diffie–Hellman). Ọdịmma ahụ na-apụta naanị na sistemụ na-eji charon-tkm na mwepụta Swan siri ike malite na 5.3.0. Edobere nsogbu ahụ na nwelite Swan 5.9.12 siri ike. Iji dozie adịghị ike na alaka na-amalite site na 5.3.x, edoziwokwa patches.
Emere njehie a site na ịleleghị nha nke ụkpụrụ Diffie-Hellman nke ọha tupu iṅomi ha na ebe nchekwa nwere oke n'elu ngwugwu. Enwere ike ibido njupụta site na izipu ozi IKE_SA_INIT emebere nke ọma nke a na-ahazi na-enweghị nyocha. Na ụdị ochie nke strongSwan, a na-enyocha nha nha na onye na-ahụ maka ịkwụ ụgwọ KE (Key Exchange), mana na ụdị 5.3.0 agbakwunyere mgbanwe nke kpaliri nlele nke ụkpụrụ ọha n'akụkụ onye na-ahụ maka usoro DH. Diffie-Hellman) na gbakwunyere ọrụ jeneriki iji mee ka ịlele izi ezi nke otu ama ama DH. N'ihi nlekọta, ha chefuru ịgbakwunye ọrụ nlele ọhụrụ na usoro charon-tkm, nke na-arụ ọrụ dị ka onye nnọchiteanya n'etiti usoro IKE na TKM (Trusted Key Manager), n'ihi na ọrụ memcpy () nwere ụkpụrụ ndị a na-ejighị n'aka. nke ahụ kwere ka e dee ihe ruru 512 bytes na data nchekwa 10000-byte.
isi: opennet.ru