15-Year-Old StrongVPN Vulnerability Exposes Users to Crashing Attacks via Integer Overflow

Post Views: 2

VPN Servers Vulnerable to 15-Year-Old Integer Underflow Flaw

For over a decade and a half, a critical vulnerability has been lurking within the widely-used strongSwan VPN software. A recent study by Bishop Fox has shed light on the issue, exposing a long-standing weakness that can cause VPN servers to crash due to an integer underflow bug.

Affects Nearly Every Version of strongSwan

The integer underflow occurs when a malicious actor sends a small message, causing the server to attempt to allocate an impossibly large amount of memory.
This results in a massive memory corruption and subsequent service collapse.

According to the research by Bishop Fox, “The attack requires a vulnerable version of strongSwan, with the EAP-TTLS plugin enabled and configured to accept IKEv2 connections.”

To exploit this vulnerability, an attacker needs to send a specially crafted message to the server, which will then attempt to allocate excessive memory resources. The attack requires a vulnerable version of strongSwan, with the EAP-TTLS plugin enabled and configured to accept IKEv2 connections.

Mitigation Recommendations

Upgrading to version 6.0.5 or higher is recommended to mitigate the issue.
Researchers at Bishop Fox have created a testing tool that simulates the attack without causing actual harm, enabling administrators to test their systems’ vulnerability without disrupting service.
Disabling the EAP-TTLS plugin altogether can prevent potential attacks.

This finding serves as a reminder of the importance of regularly updating software and plugins to ensure the latest security patches are applied. As we continue to rely on digital communication and connectivity, identifying and addressing vulnerabilities becomes increasingly crucial to safeguard our networks and protect against potential threats.