[Swan] [Swan-announce] libreswan 3.15 released to resolve CVE-2015-3240: bad DH g^x by remote peer causes IKE daemon restart

The Libreswan Project team at libreswan.org
Tue Aug 25 04:25:47 UTC 2015



The Libreswan Project has released libreswan-3.15

This is a security release to address CVE-2015-3240

(note this CVE number looks very similar to our previous one, CVE-2015-3204)

The Libreswan Team discovered a bug in the DH handling of libreswan and
its predecessor openswan. When the pluto IKE daemon received g^x = 0,
it would hit a passert() and restart.

Additionally, Labeled IPsec was broken in 3.14 and fixed with this
release. KLIPS support for 4.x kernels has been added. NETKEY
type=passthrough priority handling is fixed.

You can download libreswan via https at:

https://download.libreswan.org/libreswan-3.15.tar.gz
https://download.libreswan.org/libreswan-3.15.tar.gz.asc

The full changelog is available at:
https://download.libreswan.org/CHANGES

A patch of just the CVE-2015-3240 issue is available at:
https://libreswan.org/security/CVE-2015-3240/

Please report bugs either via one of the mailing lists or at our bug tracker:

https://lists.libreswan.org/
https://bugs.libreswan.org/

Binary packages for RHEL/EPEL and Debian/Ubuntu can be found at
https://download.libreswan.org/binaries/
(you can also take the source and issue "make deb", or use the
  spec files in the packaging/ directory)

Binary packages for Fedora can be found in the respective Fedora
repositories.

See also https://libreswan.org/

v3.15 (August 24, 2015)
* SECURITY: CVE-2015-3240 IKE daemon restart when receiving a bad DH gx [Hugh]
* KLIPS: fix use of *iovec() functions for linux 4.x kernels [Greg Ungerer]
* IKEv1: Remove old IPsec SA's when newest IPsec SA is removed [CHEN, JIANFU]
* IKEv1: Fix Labeled IPsec SECCTX parsing - bug introduced in 3.14 [Matt]
* NETKEY: workaround for NLMSG_OK() macro causing build failure on i686 [Hugh]
* NETKEY: Fix IPsec SA priority on type=passthrough conns [Antony]
* NETKEY: Fix nflog= on type=passthrough conns [Paul]
* pluto: Use PORT_ErrorToString() to translate NSS errors [Matt]
* pluto/whack: add --impair-send-zero-gx to test CVE-2015-3240 [Paul]
* ipsec: checknss/initnss must both convert old database if it exists [Tuomo]
* packaging: debian fixes for userland package [Antony]




CVE-2015-3240 libreswan/openswan: denial of service via IKE daemon restart
               when receiving a bad DH gx by peer

URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3240

This alert (and any possible updates) is available at the following URLs:
https://libreswan.org/security/CVE-2015-3240/

The Libreswan Project discovered that receiving a g^x value of zero from
an unauthenticated remote peer was not handled properly by the pluto IKE
daemon, causing the pluto IKE daemon to restart. The vulnerability is
present in libreswan and its predecessor openswan.


Vulnerable versions: libreswan up to version 3.14
                      openswan (if compiled with NSS) up to version 2.6.44
Not vulnerable     : libreswan 3.15 and newer

If you cannot upgrade to libreswan 3.15, please see the above link for a
patch for this issue.

Vulnerability information
-------------------------

The NSS library returns NULL when Diffie-Hellman exponentiation fails. The
IKE daemon pluto verifies that the result is not NULL and triggers a
passert() when it is NULL. This causes the IKE daemon pluto to restart.

Exploitation
------------

This denial of service can be launched by anyone using a single IKE packet.
No authentication credentials are required. No remote code execution is
possible through this vulnerability. Libreswan automatically restarts when
it crashes.

Workaround
----------

There is no workaround. Either upgrade or use the supplied patch in the
above listed resource URL.

Credits
-------

This vulnerability was found by The Libreswan Team.

About libreswan (https://libreswan.org/)
----------------------------------------

Libreswan is a free implementation of the Internet Protocol Security
(IPsec) suite and Internet Key Exchange (IKE) protocols. It is a
descendant (fork) of openswan 2.6.38.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).
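
A range check on the peer's DH public value, which keeps a value such as the g^x = 0 described under "Vulnerability information" from reaching the exponentiation and returns an error instead of asserting. This is an added example, not part of the announcement and not the libreswan patch; the function name, result codes and toy modulus are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes are hypothetical names for this example. */
enum ke_check { KE_OK = 0, KE_BAD_LENGTH, KE_TOO_SMALL, KE_TOO_LARGE };

/* Validate a peer's big-endian DH public value against modulus p before
 * exponentiation: accept only 1 < g^x < p-1. Assumes p is an odd prime and
 * the value is zero-padded to the modulus length. */
enum ke_check check_peer_ke(const uint8_t *ke, size_t ke_len,
                            const uint8_t *p, size_t p_len)
{
    size_t i, last;

    if (ke_len == 0 || ke_len != p_len)
        return KE_BAD_LENGTH;
    last = ke_len - 1;

    /* Reject 0 and 1: every leading byte is zero and the last byte <= 1. */
    for (i = 0; i < last && ke[i] == 0; i++)
        ;
    if (i == last && ke[last] <= 1)
        return KE_TOO_SMALL;

    /* Equal-length big-endian values order correctly under memcmp(). */
    if (memcmp(ke, p, ke_len) >= 0)
        return KE_TOO_LARGE;                 /* g^x >= p */

    /* p is odd, so p-1 differs from p only in the last byte. */
    if (memcmp(ke, p, last) == 0 && ke[last] == (uint8_t)(p[last] - 1))
        return KE_TOO_LARGE;                 /* g^x == p-1 */

    return KE_OK;
}

/* Constructed sample data: toy 16-bit prime modulus 65521 (0xFFF1). */
static const uint8_t toy_p[2]    = { 0xFF, 0xF1 };
static const uint8_t ke_zero[2]  = { 0x00, 0x00 };
static const uint8_t ke_pm1[2]   = { 0xFF, 0xF0 };
static const uint8_t ke_valid[2] = { 0x12, 0x34 };

int main(void)
{
    printf("zero=%d p-1=%d valid=%d\n", check_peer_ke(ke_zero, 2, toy_p, 2),
           check_peer_ke(ke_pm1, 2, toy_p, 2), check_peer_ke(ke_valid, 2, toy_p, 2));
    return 0;
}
```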