-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Subject: CVE-2011-3380 Openswan IKE invalid key length vulnerability
Release date: Wed Oct 5, 2011
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3380

Security Alert:

This alert (and any possible updates) is available at the following URL:
http://www.openswan.org/download/CVE-2011-3380/

The Openswan project has discovered a vulnerability in the key length handler in our IKE daemon implementation "pluto".

Vulnerable versions: openswan 2.6.29 up to 2.6.35
Fixed version:       openswan 2.6.36

Vulnerability information:

When an ISAKMP message with an invalid KEY_LENGTH attribute is received, the error handling function crashes on a NULL pointer dereference. Openswan automatically restarts the pluto IKE daemon, but all ISAKMP state is lost. This vulnerability does NOT allow an attacker access to the system. It can be used to launch a denial of service attack by sending repeated IKE packets carrying the invalid key length attribute.

Openswan is only vulnerable if the attacker's IP address is allowed to connect to it by a loaded policy. For static tunnels, this is limited to the allowed remote IP address. However, in the case of supporting dynamic clients ("roadwarriors", via right=%any), any IP address can trigger the crash. The crash is independent of the authentication method used (PSK, raw RSA or X.509). Restricted static IPs could also be spoofed to trigger the vulnerability, since IKE runs over UDP and the crash occurs before the peer's identity is verified.

This vulnerability happens in the IKE layer before any authentication has taken place, meaning the attacker can crash openswan without needing to know a preshared key (PSK) and without a valid X.509 certificate, as long as there is a potential match between the attacker's IP address and the loaded IKE policies.

Vulnerability Details:

The function parse_isakmp_sa_body() calls the function ike_alg_enc_ok() twice, once to verify the algorithm and once to verify the key length.
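As an added example (not Openswan's code), the following C program models the error-path pattern behind this advisory: a key-length check with an optional error-string out-parameter errp, written once in the vulnerable form that reads *errp before testing errp, and once in the corrected form that tests the pointer itself, plus a constructed caller that, like the SA-body walk described above, checks the algorithm with an error slot and then checks the key length with errp == NULL. The algorithm table, the function and struct names, the tv_attr proposal encoding and the sample proposals are assumptions for illustration; the attribute classes and algorithm numbers follow RFC 2408/2409 (Encryption Algorithm = 1, Key Length = 14, 3DES-CBC = 5, AES-CBC = 7).

```c
/* Added example, not Openswan code: a model of the IKEv1 encryption transform
 * check with an optional error-string out-parameter (errp), showing the
 * NULL-pointer bug class from CVE-2011-3380 beside its corrected form.
 * Attribute classes and algorithm ids follow RFC 2408/2409; the algorithm
 * table, names, attribute struct and sample proposals are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OAKLEY_ENCRYPTION_ALGORITHM 1   /* transform attribute class */
#define OAKLEY_KEY_LENGTH          14   /* transform attribute class */
#define OAKLEY_3DES_CBC             5   /* Encryption Algorithm values */
#define OAKLEY_AES_CBC              7
#define ISAKMP_ATTR_AF_TV      0x8000   /* AF bit set: basic type/value attribute */

struct enc_alg { int id; unsigned min_bits, max_bits, step_bits; };

/* Constructed table: 3DES takes only a 192-bit key, AES takes 128/192/256. */
static const struct enc_alg enc_algs[] = {
    { OAKLEY_3DES_CBC, 192, 192,  0 },
    { OAKLEY_AES_CBC,  128, 256, 64 },
};

static char ugh_buf[128];   /* static error text, as in the patched function */

static const struct enc_alg *find_alg(int ealg)
{
    for (size_t i = 0; i < sizeof enc_algs / sizeof enc_algs[0]; i++)
        if (enc_algs[i].id == ealg)
            return &enc_algs[i];
    return NULL;
}

/* Shared validation; key_len == 0 means "no KEY_LENGTH attribute was sent". */
static bool enc_ok_common(int ealg, unsigned key_len)
{
    const struct enc_alg *a = find_alg(ealg);
    if (a == NULL) {
        snprintf(ugh_buf, sizeof ugh_buf, "unknown encryption algorithm %d", ealg);
        return false;
    }
    if (key_len != 0 &&
        (key_len < a->min_bits || key_len > a->max_bits ||
         (a->step_bits != 0 && (key_len - a->min_bits) % a->step_bits != 0))) {
        snprintf(ugh_buf, sizeof ugh_buf,
                 "key_len %u not allowed for encryption algorithm %d", key_len, ealg);
        return false;
    }
    return true;
}

/* VULNERABLE form: reads *errp before testing errp, so a caller that passes
 * NULL (meaning "no error text wanted") crashes on every failed check.
 * Kept for comparison only; never call it with errp == NULL. */
bool enc_ok_vulnerable(int ealg, unsigned key_len, const char **errp)
{
    bool ret = enc_ok_common(ealg, key_len);
    if (!ret && *errp)          /* BUG: NULL dereference when errp == NULL */
        *errp = ugh_buf;
    return ret;
}

/* FIXED form: test the pointer itself, then write the error text through it. */
bool enc_ok_fixed(int ealg, unsigned key_len, const char **errp)
{
    bool ret = enc_ok_common(ealg, key_len);
    if (!ret && errp)
        *errp = ugh_buf;
    return ret;
}

/* One basic (TV) transform attribute as carried in an ISAKMP SA payload. */
struct tv_attr { uint16_t type; uint16_t value; };

/* Constructed stand-in for the SA-body walk: algorithm checked with an error
 * slot, key length checked with errp == NULL. With the vulnerable check a bad
 * KEY_LENGTH from an unauthenticated peer crashes on the second call. */
bool check_transform(const struct tv_attr *attrs, size_t n, const char **errp)
{
    int ealg = 0;
    unsigned key_len = 0;
    for (size_t i = 0; i < n; i++) {
        if (!(attrs[i].type & ISAKMP_ATTR_AF_TV))
            continue;                           /* TLV attributes not modelled */
        switch (attrs[i].type & ~ISAKMP_ATTR_AF_TV) {
        case OAKLEY_ENCRYPTION_ALGORITHM: ealg = attrs[i].value; break;
        case OAKLEY_KEY_LENGTH:           key_len = attrs[i].value; break;
        default: break;
        }
    }
    if (!enc_ok_fixed(ealg, 0, errp))           /* is the algorithm known? */
        return false;
    return enc_ok_fixed(ealg, key_len, NULL);   /* is the key length valid? */
}

int main(void)
{
    /* Constructed proposal: AES-CBC with a bogus 100-bit key length. */
    const struct tv_attr bad[] = {
        { ISAKMP_ATTR_AF_TV | OAKLEY_ENCRYPTION_ALGORITHM, OAKLEY_AES_CBC },
        { ISAKMP_ATTR_AF_TV | OAKLEY_KEY_LENGTH, 100 },
    };
    const char *ugh = NULL;
    printf("bad proposal accepted: %d\n", check_transform(bad, 2, &ugh));
    return 0;
}
```

Swapping enc_ok_fixed for enc_ok_vulnerable in the second call of check_transform reproduces the crash class: enc_ok_vulnerable(OAKLEY_AES_CBC, 100, NULL) faults on the *errp read, which is the daemon restart the advisory describes, while the fixed form simply returns false. The pointer test is the whole fix, but a caller that passes NULL gets no error string at all, so it must act on the return value alone.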
In openswan 2.6.29, the second call was changed to pass NULL as the errp pointer. The error handler in ike_alg_enc_ok() reads *errp before checking whether errp itself is NULL, which is the dereference that crashes pluto.

Full release:

The latest openswan release which fixes all known issues can be found at:
http://www.openswan.org/download/openswan-2.6.36.tar.gz
http://www.openswan.org/download/openswan-2.6.36.tar.gz.asc (GPG signature)

Patch:

For those unable to upgrade to the latest openswan 2.6.36 release, the following patch can be used to resolve this problem:

diff --git a/programs/pluto/ike_alg.c b/programs/pluto/ike_alg.c
index 78aea4a..08b8d82 100644
- --- a/programs/pluto/ike_alg.c
+++ b/programs/pluto/ike_alg.c
@@ -115,7 +115,7 @@ bool ike_alg_enc_ok(int ealg, unsigned key_len,
 			ealg, key_len);
 		}
 	);
- -	if (!ret && *errp)
+	if (!ret && errp)
 		*errp = ugh_buf;
 	return ret;
 }

About openswan (http://www.openswan.org/):

Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN).

About Xelerance (http://www.xelerance.com/):

Xelerance is the custodian of the openswan IPsec software and the L2TP server xl2tpd. These are used in combination to provide Enterprise VPN solutions. Headquartered in Ottawa, the high-tech capital of Canada, Xelerance provides products and services to secure the internet. Its products include DNSX Secure Signer and DNSX Secure Resolver.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBToxePecYBqa1zCfhAQiPjgf7BX0uei08ArVOVHPVgnB0G2yfRYt8V3p5
2s+yNCNCr6FelLagXi/PS7aUyjT9pamY36rOb+vVVkJfqYMsaVTRCLsu5pEFGZO1
SRWT3wJLVJnSN1KeMcRh8CCadLAor/wq1+6M40XxOqMmC/unqrPgvuUc2GVYgslZ
42Fbg4hsXv8+nMwXH1Qa3Ig+r4CUmQbLz5pau0ADViad6Qy7Pyy2C0U/MwKWIL3V
uG/Zq3O/fNGAq5HXDIztsUdxgLFo4twhESgj3nkesHNBzuk67+LpW+6RjXBYYN8p
N0g29vdxCdYn4OgB67YkKklDVnvlsWyUwy0GxiO/WnAwH3C9dOaZTQ==
=2X5y
-----END PGP SIGNATURE-----
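Review bot: in the @@ -115,7 +115,7 @@ hunk of programs/pluto/ike_alg.c above, the old-file header "- --- a/programs/pluto/ike_alg.c" and the removed line "- -	if (!ret && *errp)" carry PGP clearsign dash-escaping (a leading "- " prepended to every line that starts with "-"), so the patch as printed will not apply with patch -p1; strip that prefix by hand, or recover the unescaped text with gpg --decrypt on the signed message, before applying it. The change itself is the right minimal fix: the old condition read *errp before establishing that errp was non-NULL, and "if (!ret && errp)" tests the pointer first, so the caller that passes NULL (the second ike_alg_enc_ok() call in parse_isakmp_sa_body(), per the advisory) now gets only the false return value and must act on that rather than on an error string.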