[Swan-announce] CVE-2013-2052: Libreswan remote buffer overflow in atodn()

Tue May 14 01:25:49 EEST 2013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Release date: Mon May 13, 2013

Subject: CVE-2013-2052 Libreswan remote buffer overflow in atodn()
URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2052

This alert (and any possible updates) is available at the following URLs:
https://libreswan.org/security/CVE-2013-2052/

See also: Openswan atodn() CVE-2013-2053, Strongswan atodn() CVE-2013-2054

An audit of code from The Libreswan Project revealed a remote buffer overflow
in the atodn() function used by both libreswan, openswan, and older versions
of strongswan and superfreeswan when called from atoid()

Vulnerable versions: libreswan 3.0 and 3.1
Not vulnerable     : libreswan 3.2 and 3.3

Vulnerability information
- -------------------------

When enabling Opportunistic Encryption ("OE") using oe=yes (default is
'no') the IKE daemon pluto requests DNS TXT records to obtain public
RSA keys of itself and its peers. These records can contain an IPsec
gateway specification containing an fully qualified hostname which is
passed to a function atoid().

When X.509 support was added to FreeS/WAN, ASN.1 parsing was added to
the function atoid() which converts an ASCII ID representation into an
internal struct id representation using a static buffer via the function
temporary_cyclic_buffer()

While DNS TXT records cannot contain ASN.1 representations, the code
mistakenly checked for such interpretation if the DNS TXT FQDN contained
an '=' symbol. Since DNS TXT buffers can be larger than what the ASN.1
parsing code expected, parsing such a record can trigger a buffer overflow
leading to remote execution of code, specifically when overflowing into
the struct kernel_ops which is a table of function pointers.

Exploitation
- ------------

This exploit can only be triggered when the ipsec.conf configuration
file enables Opportunistic Encryption via the option 'oe=yes'. If this
option is not present, it defaults to 'no'.

Configurations that enable "OE" without preconfiguring their own public
RSA key in DNS will be under severe connectivity problems leaving the
machine with 30 second delay for each outgoing connection - a deployment
scenario that is extremely unlikely to appear in the wild.

In the unlikely event that machines are configured as such, this
vulnerability can only be exploited by a local attacker controlling
the reverse DNS entry for the IP address of the targetted host. If the
machine is properly configured for OE, an attacker only needs to trigger
a connection to an IP address for which they control the reverse DNS
zone where they can place the malicious DNS record.

Workaround
- ----------

If you cannot upgrade to libreswan version 3.2 or 3.3, the following patch
addresses the vulnerability:

https://libreswan.org/security/CVE-2013-2052/7d0ca355.patch

Alternatively, the following patch can be used to permanently disable the
oe=yes option:

diff --git a/lib/libipsecconf/keywords.c b/lib/libipsecconf/keywords.c
index b69d5e1..d7ca5a5 100644
- --- a/lib/libipsecconf/keywords.c
+++ b/lib/libipsecconf/keywords.c
@@ -381,7 +381,7 @@ struct keyword_def ipsec_conf_keywords_v2[]={
      {"plutofork",           kv_config, kt_bool,      KBF_PLUTOFORK,NOT_ENUM},
      {"perpeerlog",        kv_config, kt_bool,   KBF_PERPEERLOG,NOT_ENUM},
      {"perpeerlogdir",        kv_config, kt_dirname,   KSF_PERPEERDIR,NOT_ENUM},
- -    {"oe",             kv_config, kt_bool,      KBF_OPPOENCRYPT,NOT_ENUM},
+    {"oe",             kv_config, kt_obsolete,  KBF_WARNIGNORE,NOT_ENUM},
      {"fragicmp",       kv_config, kt_bool,      KBF_FRAGICMP,NOT_ENUM},
      {"hidetos",        kv_config, kt_bool,      KBF_HIDETOS,NOT_ENUM},
      {"uniqueids",      kv_config, kt_bool,      KBF_UNIQUEIDS,NOT_ENUM},

Related
- -------

These functions are also used in other freeswan derivatives - openswan 1.x to 2.6.38,
strongswan 1.x to 4.3.4 and superfreeswan.

For full information regarding openswan, see CVE-2013-2053
For full information regarding strongswan, see CVE-2013-2054

Credits
- -------

This vulnerability was found by Florian Weimer of the Red Hat Product
Security Team (https://access.redhat.com/security/team/)


About libreswan (https://libreswan.org/)
- ----------------------------------------

Libreswan is a free implementation of the Internet Protocol Security
(IPsec) suite and Internet Key Exchange (IKE) protocols. It is a
descendant (fork) of openswan 2.6.38.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBCAAGBQJRkWg1AAoJEIX/S0OzD8b5vHsP/1iUfVRVa1MolK7LzOYeBLH1
9Pt43kgu8aemov8S50bTC7KheGkVh7d4bdEfzsARz2aA/E2G8nlZNJlH4CbBlv/f
AfQ+Aa8RIbhOGYzuXaHaOyR/c7QgEry9XFRExd0FU+R0i2O4zINempu5BpBaSZZo
8lo/Y4SBEszJduZ1mYGeU60ilUu/9NTIzJLIqaXz81feYIkL6Q/YwBPvNYbnwe/S
k/7Yof5Xsjb/vt0HOWWUNIHx0oTSuo9CG/hNed38v/0ea1IruPdXQkK/Dw3uewjl
pLXPNqYCwbp/mYDrFBe5IC4+/GJaRK4u6oippes24EYujZfEm7DPP/F2mxnzSNM4
hTJE/Y2B16Ltwe28odFT30Dfgf36sbD0WwiDrSkRZXweZEs9H3nx4nmp2AWT4aWe
540Q9iy60hylUjSbScXszhAae8qRaoaXKY8Hzfmk/d1W6Xf0k9fedr6/HoFmQgGl
DFARY1uAMwy75XkGMsGv+mCqMs7N8p/yfSco1fqD4xEXWDIcQViF7dNBDQXk4cBJ
n7dp7FZ66rk20ae148/V9EusyH8htlf4R5Ku36tY+rqa7bmsR+0lRozYCbt3urbn
aCouUy0+Y93/oc+a1DoLXwgdjam44fvHYCJO5JxBTINg7MwN1CKm7KM2TOf+Ylkv
uvwqEHY+Lrr4F1aSmCFv
=usGY
-----END PGP SIGNATURE-----
