-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Release date: Monday, April 15, 2024 Contact: security@libreswan.org PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 =================================================================== CVE-2024-3652: IKEv1 default AH/ESP responder can crash and restart =================================================================== This alert (and any updates) are available at the following URLs: https://libreswan.org/security/CVE-2024-3652 The Libreswan Project was notified of an issue that causes libreswan to crash and restart when it is acting as an IKEv1 responder with AH/ESP default setting, when no esp= line is present in the connection configuration. The bug is triggered when after IKEv1 authentication has succeeded (via Main Mode or Aggressive Mode), a Quick Mode message is received containing a bogus AES-GMAC proposal. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service. Severity: Medium Vulnerable versions : libreswan 3.22 - 4.14 Not vulnerable : libreswan 3.0 - 3.21, 4.15+, 5.0+ Vulnerability information ========================= The function compute_proto_keymat() did not handle unexpected proposals for which the keymat size is 0, such as AES-GMAC which can be used only with NULL encryption. The function ends up calling an assertion failure routine. No Remote Code Execution is possible. Exploitation ============ The vulnerability can only be exploited when an IKEv1 connection is loaded without an esp= line. It also requires the peer to have authenticated itself before it can send the bogus request triggering the issue. IKEv2 connections are not vulnerable. Workaround ========== An esp= line using a common IKEv1 algorithm list can be added to all IKEv1 based connections. An example of such an esp= line could be: esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5 History ======= * 24-03-2024 https://github.com/libreswan/libreswan/issues/1665 reported * 27-03-2024 Fix published via commit 03caa63de1e3 (as issue was already public via githb issue) * 10-04-2024 Advanced notice given to supported customers and distributions * 15-04-2024 Public announcement and release of 4.15 Credits ======= This vulnerability was found and reported by github user X1AOxiang Upgrading ========= To address this vulnerability, please upgrade to libreswan 4.15 or later, or libreswan 5.0 or later. About libreswan (https://libreswan.org/) ======================================== Libreswan is a free implementation of the Internet Key Exchange (IKE) protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of openswan 2.6.38. IKE is used to establish IPsec VPN connections. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Patches ======= For those who cannot upgrade, a patch is available at: https://github.com/libreswan/libreswan/commit/03caa63de1e34c29dd3e7e835070d363ca197bfd -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmYXQ5ATHHRlYW1AbGli cmVzd2FuLm9yZwAKCRCF/0tDsw/G+V/GD/wOIVq2Zu1TyqZwyER6Y43th+JE/toO WuRW+AhNVCyKjO7pkJey+asR0PZNpNISLW15xx6TE3CFv/BBVKk4JGLDUEGTV5ue OzuTUxh9UW60dzK6780Z1dnoJ9pZgIQmBsxvkTCFwoVYaoDx9H6twJvqvqsYPC8Q d+B59Xfn/pFcxk52a7tJ/erWbyo9cTHU9GN4Y6W6nNCNmjeVUHWET5QnE2pKe4eH k6ZjSdKEUYMPqbUJJFlUsQv0x8QUvImBIsfomgAscKpxkdLWrFsiu41wRk6MAWT3 R6jN4D7A6OrU4foOT+HZnW8NV+p2j8+JES6kke9mQCxysP6NbPyS//J90tEmZzi/ m9H7leAhZojPrNdrdB7FVqnFGqecSrs9OwOhlNaNUqtabeP/jFpg84S9aDIUaJ4J fe51UAvNXqrHCC9l18t4Su/1MCtf6zcPpdkbVAkIsdLNzSwLbdyKhCsa6CgkmL37 PgAoBKGH4YalJEzkyqnr/BU38dUnP6Wk5nci5uT8aFdWdRblbv7nYORklfQwAhW+ iYp4uilmvrdVxxo78pgPKv9NYXh0QROezm3ViU04HaLjGUgjPkeUstRK1qnupypT ePycNxw4CXUhkSWzplM/iqOHHBDa80zsYEY9b06vbjQ0Pp9BcF9MSrx1ldaRpvuO it8rqn3xGlirnw== =d6pu -----END PGP SIGNATURE-----