strongSwan - strongSwan Authentication Bypass Vulnerability (CVE-2014-2338)
In the strongSwan IKEv2 code. Affected are all strongSwan versions back to 4.0.7, including the latest 5.1.2. The bug can be triggered by rekeying an unestablished IKE SA while it gets actively initiated. This allows an attacker to trick the peer's IKE SA state to established, without the need to provide any valid authentication credentials. His means when re-authentication is disabled (. Possible (because of the use of asymmetric EAP or virtual IP exchanges),. The just released strongSwan 5.1.3.
strongSwan Installation Documentation - InstallationDocumentation - strongSwan
There is a growing list of configure options available ( note that many of these are enabled by default. Refer to the list of plugins. To learn more about the plugins enabled with the above options. Some plugins have dependencies on third-party libraries. To compile such plugins the header files of those libraries are required. Make sure these are installed on your system, e.g. by installing the appropriate. The build procedure is as with any autotools project:. Make sudo make install. To build strongSwa...