[Swan-announce] libreswan-4.15 released to address CVE-2024-3652

The Libreswan Team team at libreswan.org
Mon Apr 15 19:51:20 EEST 2024 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Release date: Monday, April 15, 2024
Contact: security at libreswan.org
PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9

===================================================================
CVE-2024-3652: IKEv1 default AH/ESP responder can crash and restart
===================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2024-3652

The Libreswan Project was notified of an issue that causes libreswan
to crash and restart when it is acting as an IKEv1 responder with
AH/ESP default setting, when no esp= line is present in the connection
configuration. The bug is triggered when after IKEv1 authentication has
succeeded (via Main Mode or Aggressive Mode), a Quick Mode message is
received containing a bogus AES-GMAC proposal.

When such a connection is automatically added on startup using the auto=
keyword, it can cause repeated crashes leading to a Denial of Service.

Severity: Medium
Vulnerable versions : libreswan 3.22 - 4.14
Not vulnerable      : libreswan 3.0 - 3.21, 4.15+, 5.0+

Vulnerability information
=========================
The function compute_proto_keymat() did not handle unexpected proposals
for which the keymat size is 0, such as AES-GMAC which can be used only
with NULL encryption.  The function ends up calling an assertion failure
routine. No Remote Code Execution is possible.

Exploitation
============
The vulnerability can only be exploited when an IKEv1 connection is loaded
without an esp= line. It also requires the peer to have authenticated
itself before it can send the bogus request triggering the issue. IKEv2
connections are not vulnerable.

Workaround
==========
An esp= line using a common IKEv1 algorithm list can be added to all
IKEv1 based connections. An example of such an esp= line could be:

     esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5

History
=======
* 24-03-2024 https://github.com/libreswan/libreswan/issues/1665 reported
* 27-03-2024 Fix published via commit 03caa63de1e3 (as issue was already public via githb issue)
* 10-04-2024 Advanced notice given to supported customers and distributions
* 15-04-2024 Public announcement and release of 4.15

Credits
=======
This vulnerability was found and reported by github user X1AOxiang

Upgrading
=========
To address this vulnerability, please upgrade to libreswan 4.15 or later,
or libreswan 5.0 or later.


About libreswan (https://libreswan.org/)
========================================
Libreswan is a free implementation of the Internet Key Exchange (IKE)
protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of
openswan 2.6.38. IKE is used to establish IPsec VPN connections.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).

Patches
=======
For those who cannot upgrade, a patch is available at:
https://github.com/libreswan/libreswan/commit/03caa63de1e34c29dd3e7e835070d363ca197bfd
-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmYXQ5ATHHRlYW1AbGli
cmVzd2FuLm9yZwAKCRCF/0tDsw/G+V/GD/wOIVq2Zu1TyqZwyER6Y43th+JE/toO
WuRW+AhNVCyKjO7pkJey+asR0PZNpNISLW15xx6TE3CFv/BBVKk4JGLDUEGTV5ue
OzuTUxh9UW60dzK6780Z1dnoJ9pZgIQmBsxvkTCFwoVYaoDx9H6twJvqvqsYPC8Q
d+B59Xfn/pFcxk52a7tJ/erWbyo9cTHU9GN4Y6W6nNCNmjeVUHWET5QnE2pKe4eH
k6ZjSdKEUYMPqbUJJFlUsQv0x8QUvImBIsfomgAscKpxkdLWrFsiu41wRk6MAWT3
R6jN4D7A6OrU4foOT+HZnW8NV+p2j8+JES6kke9mQCxysP6NbPyS//J90tEmZzi/
m9H7leAhZojPrNdrdB7FVqnFGqecSrs9OwOhlNaNUqtabeP/jFpg84S9aDIUaJ4J
fe51UAvNXqrHCC9l18t4Su/1MCtf6zcPpdkbVAkIsdLNzSwLbdyKhCsa6CgkmL37
PgAoBKGH4YalJEzkyqnr/BU38dUnP6Wk5nci5uT8aFdWdRblbv7nYORklfQwAhW+
iYp4uilmvrdVxxo78pgPKv9NYXh0QROezm3ViU04HaLjGUgjPkeUstRK1qnupypT
ePycNxw4CXUhkSWzplM/iqOHHBDa80zsYEY9b06vbjQ0Pp9BcF9MSrx1ldaRpvuO
it8rqn3xGlirnw==
=d6pu
-----END PGP SIGNATURE-----

More information about the Swan-announce mailing list