From team at libreswan.org Wed Jan 12 02:53:57 2022 From: team at libreswan.org (The Libreswan Team) Date: Tue, 11 Jan 2022 19:53:57 -0500 (EST) Subject: [Swan-announce] libreswan-4.6 released to address CVE-2020-1763 [version corrected] Message-ID: <1b69bce6-3047-2360-8812-c87928f87f3b@nohats.ca> You can download libreswan via https at: https://download.libreswan.org/libreswan-4.6.tar.gz https://download.libreswan.org/libreswan-4.6.tar.gz.asc The full changelog is available at: https://download.libreswan.org/CHANGES -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Release date: Wednesday, January 11, 2022 Contact: security at libreswan.org PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 ===================================================================== CVE-2022-23094: Malicious IKEv1 packet can cause libreswan to restart ===================================================================== This alert (and any updates) are available at the following URLs: https://libreswan.org/security/CVE-2022-23094/ The Libreswan Project was notified by github user "MyOzCam" of an issue with receiveing a malformed IKEv1 packet that crashed their server. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference leading to a crash of the pluto daemon. Vulnerable versions: libreswan 4.2 - 4.5 Not vulnerable : libreswan 3.x, 4.0, 4.1 and 4.6+ Vulnerability information ========================= A log message added in libreswan 4.2 assumes that an IKEv1 state is created. In certain malformed packets, libreswan will attempt to log this but mistakenly assumes there is a state object to use to display the state object number. Some malformed packets are caught early enough that no state object is created. The log routine lookup then results in a NULL pointer dereference causing the libreswan IKE daemon to crash and restart. This can happen when receiving malformed packets from an IKE initiator using IKEv1 Main Mode or IKEv1 Aggressive Mode. Exploitation ============ This vulnerability cannot be abused for a remote code execution or an authentication bypass. But by continuing to send these packets, a denial of service attack against the libreswan IKE service is possible. Workaround ========== If all configured connections are using IKEv2, the IKEv1 subsystem can be disabled by adding the option ikev1-policy=drop to the "config setup" section of ipsec.conf. Alternatively, libreswan can be compiled with USE_IKEv1=false. If all remote peers are on static IP addresses, a firewall rule blocking UDP port 500 and 4500 can be installed to prevent attackers from sending packets to the pluto IKE daemon. If peers appear on dynamic IP addresses and IKEv1 connections must be supported, then no workarounds are known and libreswan must be updated or patched. History ======= * 2021-12-20 Initial report via https://github.com/libreswan/libreswan/issues/585 * 2021-12-21 Issue was fixed in the git main branch * 2022-01-11 Delayed release date to avoid holiday and end of year timing problems Credits ======= This vulnerability was found and reported by github user MyOzCam. Upgrading ========= To address this vulnerability, please upgrade to libreswan 4.6 or later. For those who cannot upgrade, patches are provided at the above URL, and are included for reference below. About libreswan (https://libreswan.org/) ======================================== Libreswan is a free implementation of the Internet Key Exchange (IKE) protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of openswan 2.6.38. IKE is used to establish IPsec VPN connections. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Patches ======= Please note that email clients might mangle the patch text included. Please use the above advisory URL to download a proper patch file. =============================== Patch for libreswan 4.2 or 4.3: =============================== diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c index 4f644fd4f8..e0f3652aa9 100644 - --- a/programs/pluto/ikev1.c +++ b/programs/pluto/ikev1.c @@ -2097,7 +2097,9 @@ void process_packet_tail(struct msg_digest *md) diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc, &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - log_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); @@ -2161,7 +2163,9 @@ void process_packet_tail(struct msg_digest *md) &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - log_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); =============================== Patch for libreswan 4.4 or 4.5: =============================== diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c index 9f4847874d..f7413f3594 100644 - --- a/programs/pluto/ikev1.c +++ b/programs/pluto/ikev1.c @@ -2103,7 +2103,9 @@ void process_packet_tail(struct msg_digest *md) diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc, &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - llog_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); @@ -2172,7 +2174,9 @@ void process_packet_tail(struct msg_digest *md) &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - llog_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOmlKLfkM1mIKecfy20jS5RIkaL8FAmHdsqwACgkQ20jS5RIk aL8Kiw//RjwIPifu7b7tGjycpsXxwcXTndT8R8fufvMCkNpXZ9ktqQXM6nyhPS9+ JzkIEc3yVOXshHPr4uKYSGEXOYEFVjUNqMp7U6jpR0iU0af+julCaovjYBVVFUtT W5mkMK9p6wUsP19gQCjNIz1TI2EbDjp6Ybp0ivjtAVH7NfHM8L+C3Seq9FlNGxFJ 1ufcgdgVOZCmHY9YG1ao8tTU02HKbxy8e97VqvmoZN4CxgdhYxFd5OkC9ghZXIK5 JZztfOzVAZvBEFqvcj5UomLsv5/K8CYwc+N9hlNJUrDi4UrQYJUbBdhUmmU6z84/ vRN05zqORGxp/ykgeLQLZHFn4ssxBWhu/qLQtjdA1ZdAsGKcOIcOgnyTEp6Zcn83 Xbr0I17FrBbA4khXSTYTec6NBICYI3f/0j139ZSf84vpSfCtql0jzHVnhmtEyhSI 60EvdAxnDFoy/IFSgb+yo7/EEyD0+FDjfsvj6TPPw0giMv8w9SwvaG4n294rCTO5 g0iPoksCqHvk/+AVgMYgswX1koR5TYF+CL2DiCW6Nvg7mEqbmBl1PGB7CsWlaYT/ JAQWXOaMyam0niFo2GhY3zsKSWJi5xlFCki5nSk7gPVJTVXOkiG6h2+rhdb0VuIJ eXeqh/tjvuXHOC+e+Tfx6mbbm0yapopUrOkaGibtGBrfwGv+l6c= =EBx7 -----END PGP SIGNATURE----- From team at libreswan.org Wed Jan 12 02:57:35 2022 From: team at libreswan.org (The Libreswan Team) Date: Tue, 11 Jan 2022 19:57:35 -0500 (EST) Subject: [Swan-announce] libreswan-4.6 released to address CVE-2022-23094 Message-ID: You can download libreswan via https at: https://download.libreswan.org/libreswan-4.6.tar.gz https://download.libreswan.org/libreswan-4.6.tar.gz.asc The full changelog is available at: https://download.libreswan.org/CHANGES -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Release date: Wednesday, January 11, 2022 Contact: security at libreswan.org PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 ===================================================================== CVE-2022-23094: Malicious IKEv1 packet can cause libreswan to restart ===================================================================== This alert (and any updates) are available at the following URLs: https://libreswan.org/security/CVE-2022-23094/ The Libreswan Project was notified by github user "MyOzCam" of an issue with receiveing a malformed IKEv1 packet that crashed their server. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference leading to a crash of the pluto daemon. Vulnerable versions: libreswan 4.2 - 4.5 Not vulnerable : libreswan 3.x, 4.0, 4.1 and 4.6+ Vulnerability information ========================= A log message added in libreswan 4.2 assumes that an IKEv1 state is created. In certain malformed packets, libreswan will attempt to log this but mistakenly assumes there is a state object to use to display the state object number. Some malformed packets are caught early enough that no state object is created. The log routine lookup then results in a NULL pointer dereference causing the libreswan IKE daemon to crash and restart. This can happen when receiving malformed packets from an IKE initiator using IKEv1 Main Mode or IKEv1 Aggressive Mode. Exploitation ============ This vulnerability cannot be abused for a remote code execution or an authentication bypass. But by continuing to send these packets, a denial of service attack against the libreswan IKE service is possible. Workaround ========== If all configured connections are using IKEv2, the IKEv1 subsystem can be disabled by adding the option ikev1-policy=drop to the "config setup" section of ipsec.conf. Alternatively, libreswan can be compiled with USE_IKEv1=false. If all remote peers are on static IP addresses, a firewall rule blocking UDP port 500 and 4500 can be installed to prevent attackers from sending packets to the pluto IKE daemon. If peers appear on dynamic IP addresses and IKEv1 connections must be supported, then no workarounds are known and libreswan must be updated or patched. History ======= * 2021-12-20 Initial report via https://github.com/libreswan/libreswan/issues/585 * 2021-12-21 Issue was fixed in the git main branch * 2022-01-11 Delayed release date to avoid holiday and end of year timing problems Credits ======= This vulnerability was found and reported by github user MyOzCam. Upgrading ========= To address this vulnerability, please upgrade to libreswan 4.6 or later. For those who cannot upgrade, patches are provided at the above URL, and are included for reference below. About libreswan (https://libreswan.org/) ======================================== Libreswan is a free implementation of the Internet Key Exchange (IKE) protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of openswan 2.6.38. IKE is used to establish IPsec VPN connections. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Patches ======= Please note that email clients might mangle the patch text included. Please use the above advisory URL to download a proper patch file. =============================== Patch for libreswan 4.2 or 4.3: =============================== diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c index 4f644fd4f8..e0f3652aa9 100644 - --- a/programs/pluto/ikev1.c +++ b/programs/pluto/ikev1.c @@ -2097,7 +2097,9 @@ void process_packet_tail(struct msg_digest *md) diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc, & pd->payload, & sizeof(pd->payload), & &pd->pbs); if (d != NULL) { - - log_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); @@ -2161,7 +2163,9 @@ void process_packet_tail(struct msg_digest *md) & pd->payload, & sizeof(pd->payload), & pd->pbs); if (d != NULL) { - - log_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); =============================== Patch for libreswan 4.4 or 4.5: =============================== diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c index 9f4847874d..f7413f3594 100644 - --- a/programs/pluto/ikev1.c +++ b/programs/pluto/ikev1.c @@ -2103,7 +2103,9 @@ void process_packet_tail(struct msg_digest *md) diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc, & pd->payload, & sizeof(pd->payload), & &pd->pbs); if (d != NULL) { - - llog_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); @@ -2172,7 +2174,9 @@ void process_packet_tail(struct msg_digest *md) & pd->payload, & sizeof(pd->payload), & pd->pbs); if (d != NULL) { - - llog_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOmlKLfkM1mIKecfy20jS5RIkaL8FAmHdsqwACgkQ20jS5RIk aL8Kiw//RjwIPifu7b7tGjycpsXxwcXTndT8R8fufvMCkNpXZ9ktqQXM6nyhPS9+ JzkIEc3yVOXshHPr4uKYSGEXOYEFVjUNqMp7U6jpR0iU0af+julCaovjYBVVFUtT W5mkMK9p6wUsP19gQCjNIz1TI2EbDjp6Ybp0ivjtAVH7NfHM8L+C3Seq9FlNGxFJ 1ufcgdgVOZCmHY9YG1ao8tTU02HKbxy8e97VqvmoZN4CxgdhYxFd5OkC9ghZXIK5 JZztfOzVAZvBEFqvcj5UomLsv5/K8CYwc+N9hlNJUrDi4UrQYJUbBdhUmmU6z84/ vRN05zqORGxp/ykgeLQLZHFn4ssxBWhu/qLQtjdA1ZdAsGKcOIcOgnyTEp6Zcn83 Xbr0I17FrBbA4khXSTYTec6NBICYI3f/0j139ZSf84vpSfCtql0jzHVnhmtEyhSI 60EvdAxnDFoy/IFSgb+yo7/EEyD0+FDjfsvj6TPPw0giMv8w9SwvaG4n294rCTO5 g0iPoksCqHvk/+AVgMYgswX1koR5TYF+CL2DiCW6Nvg7mEqbmBl1PGB7CsWlaYT/ JAQWXOaMyam0niFo2GhY3zsKSWJi5xlFCki5nSk7gPVJTVXOkiG6h2+rhdb0VuIJ eXeqh/tjvuXHOC+e+Tfx6mbbm0yapopUrOkaGibtGBrfwGv+l6c= =EBx7 -----END PGP SIGNATURE----- _______________________________________________ Swan-announce mailing list Swan-announce at lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-announce From team at libreswan.org Wed May 25 02:10:40 2022 From: team at libreswan.org (The Libreswan Team) Date: Tue, 24 May 2022 19:10:40 -0400 (EDT) Subject: [Swan-announce] libreswan-4.7 released, bufix release and EAPTLS support Message-ID: <23a113b-d242-db0-f1a2-6401bd6c57@nohats.ca> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 The Libreswan Project has released libreswan 4.7 This release adds support for EAPTLS, FreeBSD/NetBSD fixes, and fixes an interop issue with Android 12. This latest version of libreswan can be downloaded from: https://download.libreswan.org/libreswan-4.7.tar.gz https://download.libreswan.org/libreswan-4.7.tar.gz.asc The full changelog is available at: https://download.libreswan.org/CHANGES Please report bugs either via one of the mailinglists or at our github bug tracker: https://lists.libreswan.org/ https://github.com/libreswan/libreswan/issues Binary packages for RHEL/CentOS can be found at: https://download.libreswan.org/binaries/ Binary packages for Fedora and Debian should be available in their respective repositories a few days after this release. See also https://libreswan.org/ v4.7 (May 24, 2022) * IKEv2: EAPTLS support [Timo Ter?s / Andrew] * IKEv2: EAPONLY support [Andrew] * IKEv2: fix interop when IPCOMP+transport-mode [Andrew] * IKEv2: fix race between new IKE SA and liveness [Andrew] * IKEv2: fix interop with Android 12 + certificates [Andrew] * IKEv1: reject IKEv2 only authby=secret+rsasig [Andrew] * config: end keywords with no left/right prefix are applied to both ends * kernel: fix double delete of kernel policy when tearing down SA [Andrew] * kernel: fix deleting policy when an XFRMi FD ID; github/618 [Andrew] * kernel: general cleanups [Andrew] * _stackmanager / pluto: support Ubuntu 18.04 LTS kernels [Paul] * FreeBSD: libreswan builds out-of-the-box [Andrew] * BSD: Add IPv6 support (tested on NetBSD) * building: fix build on fedora rawhide [Paul] * internals: initiate IKEv2 CREATE_CHILD_SA exchange using IKE SA [Andrew] * internals: _updown.bsdkame renamed to _updown.bsd -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmKNZU4THHRlYW1AbGli cmVzd2FuLm9yZwAKCRCF/0tDsw/G+R9+D/wJ5Uu+B52FRaNFg7eLVt5BaUUV41RZ Sn/SajvO2bp4/4z/uMvBdS9GM/kZQOQGy3wAb0vXKrPsFC8duOt11zcAZBZAIdtn 5H8xbsua1moYVkNV6iTUL5sE4KrxNHjU4H2TNbPfS6RkZmxg1baLHkEvtvDpWfYk JPDqLK53xykOug2OlyEfby07OCkqcLy0u8RdncHkcPzleiDZ4GKq5Xpm5OjrCplN 9roPz/rfNXmkCP6CCYAGJ0UFObhNx6evmlTISlp6FRCFqgiDAGh7QAu/FuB6jMVj BwKKR6mOHRifLQ4TqOZHhDCw093tvP2/ILzTUg8eVG1bwY1ZkQwjza0MxmdX0GRD lJJGbh6xWf5KzUt15aHChOJYVwSt6zQZfTZyEny1JgFdrAtkDqlw9AeA2P/jD+86 w/yb8um7AKGgpbqdbilyxLYwE1PHq4ZTB9u/K2p02/3atHP7nny2Brc9EtVcRi+B GH10ozz3XBR+k+vT5w/yBGItbj4uifyYuaq4SbMFtNx7KdqKnZ/61HKShW/6Io9C unwS0wB03iNSc8oVC2ND9jkwFdnLSghXP97SVUA8UuWoUmLYqLOTDGSWimL4h26F NrSabXUwO/6PA/yzpfMUaRkRmnDM/sflRbqcDxjwZDvQMFZjrpdGD+f8OKryL8/Y aifVQk9hA3hWTw== =WRxr -----END PGP SIGNATURE----- From team at libreswan.org Mon Oct 3 22:07:37 2022 From: team at libreswan.org (The Libreswan Team) Date: Mon, 3 Oct 2022 15:07:37 -0400 (EDT) Subject: [Swan-announce] libreswan-4.8 released, maintenance release Message-ID: <6fe14336-621d-534e-4387-6b4d4641ff2@nohats.ca> The Libreswan Project has released libreswan 4.8 This release adds support for ipsec-max-bytes= and ipsec-max-packets=, and adds raw (non-certificate) ECDSA support using leftpubkey= and rightpubkey= This latest version of libreswan can be downloaded from: https://download.libreswan.org/libreswan-4.8.tar.gz https://download.libreswan.org/libreswan-4.8.tar.gz.asc The full changelog is available at: https://download.libreswan.org/CHANGES Please report bugs either via one of the mailinglists or at our github bug tracker: https://lists.libreswan.org/ https://github.com/libreswan/libreswan/issues Binary packages for RHEL/CentOS can be found at: https://download.libreswan.org/binaries/ Binary packages for Fedora and Debian should be available in their respective repositories a few days after this release. See also https://libreswan.org/ v4.8 (October 2, 2022) * release: remove SHA1 bindings from LIBRESWAN OpenPGP key [dkg/Paul] * pluto: ignore obsoleted unused interfaces= / --iface [Paul/Andrew] * pluto: various internal crypto struct changes [Andrew] * pluto: fix traffic counters for AH and IPCOMP [Andrew] * pluto: improve logging of duplicate serial cert error [Andrew] * pluto: support for maxbytes/maxpacket counters [Antony/Paul] * pluto: handle HW tokens using strange CKAIDs; github/815 [Andrew] * pluto: added --ipsec-max-bytes / --ipsec-max-packets support [Antony] * libipsecconf: added ipsec-max-bytes= and ipsec-max-packets= options [Paul] * IKEv2: emit one CERTREQ payload with all the hashes [Andrew] * addconn/whack: add support for {left,right}pubkey= [Andrew] * showhostkey: add support for ECDSA pubkeys [Andrew] * Crypto: add KDF self tests [Daiki Ueno] * IPv6: open IPv6 IKE port 4500; github/800 [Andrew] * showhostkey: add --pem option to print PEM encoded public key [Andrew] * unbound: _unbound-hook converted from python to shell [Andrew] * BSD: delete old BSDKAME code replaced by PFKEYV2 code [Andrew] * BSD: fix replay window byte vs bit math [Andrew] * BSD: fix code finding interfaces; github/728 [Andrew] * FreeBSD: support large replay window; github/756 [Andrew] * FreeBSD: support ESN; github/721 [Andrew] * linux: update copy of xfrm.h header [Paul] * packaging: update fedora spec file [Paul/Tuomo] * building: on BSD, always use GCC; freebsd/264288 llvm/55963 [Andrew] * building: enable LTO when USE_LTO=true; github/836 github/834 [Andrew] * building: dropped default build and packaging support for: Fedora 22, 28, 29, 30 Debian stretch Ubuntu cosmic, xenial RHEL6 was removed in v4.5 Add SUSE, Arch, Mint