Release date: Wednesday, January 11, 2022
Contact: security@libreswan.org
PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9

=====================================================================
CVE-2022-23094: Malicious IKEv1 packet can cause libreswan to restart
=====================================================================

This alert (and any updates) is available at the following URL:
https://libreswan.org/security/CVE-2022-23094/

The Libreswan Project was notified by github user "MyOzCam" of an issue
where receiving a malformed IKEv1 packet crashed their server. A malformed
packet that is being rejected triggers a logging action that causes a NULL
pointer dereference, leading to a crash of the pluto daemon.

Vulnerable versions: libreswan 4.2 - 4.5
Not vulnerable:      libreswan 3.x, 4.0, 4.1 and 4.6+

Vulnerability information
=========================

A log message added in libreswan 4.2 assumes that an IKEv1 state has been
created. For certain malformed packets, libreswan attempts to log this but
mistakenly assumes there is a state object from which to display the state
object number. Some malformed packets are caught early enough that no state
object has been created yet. The log routine's lookup then results in a NULL
pointer dereference, causing the libreswan IKE daemon to crash and restart.

This can happen when receiving malformed packets from an IKE initiator using
IKEv1 Main Mode or IKEv1 Aggressive Mode.

Exploitation
============

This vulnerability cannot be abused for remote code execution or an
authentication bypass. But by continuing to send these packets, a denial of
service attack against the libreswan IKE service is possible.

Workaround
==========

If all configured connections use IKEv2, the IKEv1 subsystem can be disabled
by adding the option ikev1-policy=drop to the "config setup" section of
ipsec.conf. Alternatively, libreswan can be compiled with USE_IKEv1=false.
If all remote peers are on static IP addresses, a firewall rule blocking UDP
ports 500 and 4500 can be installed to prevent attackers from sending packets
to the pluto IKE daemon.

If peers appear on dynamic IP addresses and IKEv1 connections must be
supported, then no workarounds are known and libreswan must be updated or
patched.

History
=======

* 2021-12-20 Initial report via https://github.com/libreswan/libreswan/issues/585
* 2021-12-21 Issue was fixed in the git main branch
* 2022-01-11 Delayed release date to avoid holiday and end of year timing problems
* 2022-01-13 Updated patch for Libreswan 4.2 and 4.3

Credits
=======

This vulnerability was found and reported by github user MyOzCam.

Upgrading
=========

To address this vulnerability, please upgrade to libreswan 4.6 or later. For
those who cannot upgrade, patches are provided at the above URL, and are
included for reference below.

About libreswan (https://libreswan.org/)
========================================

Libreswan is a free implementation of the Internet Key Exchange (IKE)
protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of openswan
2.6.38. IKE is used to establish IPsec VPN connections. IPsec uses strong
cryptography to provide both authentication and encryption services. These
services allow you to build secure tunnels through untrusted networks.
Everything passing through the untrusted network is encrypted by the IPsec
gateway machine, and decrypted by the gateway at the other end of the tunnel.
The resulting tunnel is a virtual private network (VPN).

Patches
=======

Please note that email clients might mangle the patch text included. Please
use the above advisory URL to download a proper patch file.

===============================
Patch for libreswan 4.2 or 4.3:
===============================

diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c index 4f644fd4f8..e0f3652aa9 100644 - --- a/programs/pluto/ikev1.c +++ b/programs/pluto/ikev1.c
@@ -2097,7 +2097,9 @@ void process_packet_tail(struct msg_digest *md) diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc, &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - log_diag(RC_LOG, st->st_logger, &d, "%s", ""); + log_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); @@ -2161,7 +2163,9 @@ void process_packet_tail(struct msg_digest *md) &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - log_diag(RC_LOG, st->st_logger, &d, "%s", ""); + log_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); =============================== Patch for libreswan 4.4 or 4.5: =============================== diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c index 9f4847874d..f7413f3594 100644 - --- a/programs/pluto/ikev1.c +++ b/programs/pluto/ikev1.c @@ -2103,7 +2103,9 @@ void process_packet_tail(struct msg_digest *md) diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc, &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - llog_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse); 
@@ -2172,7 +2174,9 @@ void process_packet_tail(struct msg_digest *md) &pd->payload, sizeof(pd->payload), &pd->pbs); if (d != NULL) { - - llog_diag(RC_LOG, st->st_logger, &d, "%s", ""); + llog_diag(RC_LOG, + st != NULL ? st->st_logger : md->md_logger, + &d, "%s", ""); LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse);
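Review bot: in the first hunk of the 4.2/4.3 patch (@@ -2097), the `st != NULL ? st->st_logger : md->md_logger` selection is open-coded at the call site and the identical expression recurs in the second hunk; computing it once in process_packet_tail after `st` has been resolved (e.g. `struct logger *logger = st != NULL ? st->st_logger : md->md_logger;`) and passing `logger` to both log_diag calls would stop the two rejection paths from drifting apart again. Note also that the leading `- ` on the removed lines and on the `---` file header is PGP clearsign dash-escaping, so this text needs that prefix stripped (or the file fetched from the advisory URL, as the Patches section says) before `git apply` will accept it.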
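Review bot: the second hunk of the 4.2/4.3 patch (@@ -2161) is the same fix applied to the second payload-parsing loop, which suggests the no-state case was never covered by a test; a regression test that feeds one malformed first packet of an IKEv1 Main Mode exchange and one of an Aggressive Mode exchange, i.e. packets rejected before any state exists, would exercise both hunks and catch a reintroduction of the `st->st_logger` dereference.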
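Review bot: the first hunk of the 4.4/4.5 patch (@@ -2103) differs from the 4.2/4.3 one only in the call name, llog_diag instead of log_diag, reflecting the logging API rename between those releases; since `st` is evidently NULL on this path, every other `st->` use in process_packet_tail between the point where `st` is looked up and this call should be checked for the same assumption, and the change description should state why this log call was the only one affected.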
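Review bot: the second hunk of the 4.4/4.5 patch (@@ -2172) adds the NULL check without any comment; a one-line note above the llog_diag call such as `/* st is NULL when the packet is rejected before a state is created */` would document the invariant the fix depends on, since nothing else in the hunk tells a later reader why a state might be missing at this point.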
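The crash path that the patches above guard, modelled as an added example (not libreswan's own code): the struct and function names are hypothetical stand-ins for pluto's state, msg_digest and logger objects, and the peer address and state serial number are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for pluto's logger, state and msg_digest objects. */
struct logger { const char *prefix; };
struct state {
    unsigned long st_serialno;   /* the state object number shown in log lines */
    struct logger st_logger;
};
struct msg_digest {
    struct logger md_logger;     /* belongs to the packet, so it always exists */
};

/* Vulnerable form (libreswan 4.2 - 4.5): only correct when a state exists.
 * A packet rejected before any state is created reaches this with st == NULL,
 * and dereferencing st here is the crash the advisory describes. */
int log_malformed_vulnerable(const struct state *st, const char *diag,
                             char *out, size_t n)
{
    return snprintf(out, n, "%s #%lu: %s", st->st_logger.prefix,
                    st->st_serialno, diag);
}

/* Fixed form (libreswan 4.6+): fall back to the packet's own logger, and
 * only print a state number when there is a state to take it from. */
int log_malformed_fixed(const struct msg_digest *md, const struct state *st,
                        const char *diag, char *out, size_t n)
{
    const struct logger *logger = (st != NULL) ? &st->st_logger : &md->md_logger;
    if (st != NULL)
        return snprintf(out, n, "%s #%lu: %s", logger->prefix,
                        st->st_serialno, diag);
    return snprintf(out, n, "%s: %s", logger->prefix, diag);
}

/* Reject a malformed IKEv1 payload with or without a state, through either
 * logging routine; the pair (state_exists=0, use_fix=0) is the crashing case. */
int reject_malformed(int state_exists, int use_fix, char *out, size_t n)
{
    /* Constructed sample objects: the peer address and serial are made up. */
    struct msg_digest md = { { "packet from 192.0.2.10:500" } };
    struct state st = { 7, { "\"vpn-peer\"" } };
    const char *diag = "malformed payload in packet";
    const struct state *stp = state_exists ? &st : NULL;
    if (use_fix)
        return log_malformed_fixed(&md, stp, diag, out, n);
    return log_malformed_vulnerable(stp, diag, out, n);
}
```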