-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Release date: Tue Dec 10, 2013 Subject: CVE-2013-4564 Libreswan Denial of Service with bogus IKE packet URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4564 This alert (and any possible updates) is available at the following URLs: https://libreswan.org/security/CVE-2013-4564/ The Libreswan Project found an error in the way mangled IKE packets are handled. This error, introduced in libreswan 3.6, allows a malicious user to cause the libreswan IKE daemon to restart. Vulnerable versions: libreswan 3.6 Not vulnerable : libreswan 3.0 - 3.5, 3.7 and up Vulnerability information - -------------------------- In libreswan 3.6, an IKE padding feature was added that allows IKE packets whose length is not equal to the length specified in the IKE header's length field. By allowing such packets to go through, it could inadvertently try to read extremely short IKE packets that did not contain enough data for their IKE version number. To send an appropriate IKE v1 or v2 response, the IKE daemon incorrectly assumed the IKE version was always available in the received packet and would crash if this was not available. Additionally, it could hit a passert() if the IKE major number was not 1 or 2. While the vulnerable code is present in all libreswan versions, and some openswan versions, only libreswan version 3.6 exposed this code to malicious IKE packets due to its new IKE padding feature. Exploitation - ------------- This denial of service can be launched by anyone using a single mangled IKE packet. No authentication credentials are required. No remote code execution is possible through this vulnerability. Workaround - ----------- There is no workaround. An upgrade to libreswan 3.7 is the only method to resolve this vulnerability. Credits - -------- This vulnerability was found by Paul Wouters and D. Hugh Redelmeier About libreswan (https://libreswan.org/) - ----------------------------------------- Libreswan is a free implementation of the Internet Protocol Security (IPsec) suite and Internet Key Exchange (IKE) protocols. It is a descendant (fork) of openswan 2.6.38. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAEBCAAGBQJSp5dmAAoJEIX/S0OzD8b5pKsQAI6fde5FfIJxRhPyxzti3QjA UxZJJsnFb/O841NWcgNLkjpmsFh0GI7tvhGkHiOQijtgQH6u2490WIhKvwIl4UYF X21+5fZwIozob6ybzmVLoIxijkFCqWXqFqq7yr/5le7u8BZRcQlOghqg/pd9VpGB ibqZq2u36yFDq7+NpPHTqSyua0FpaC6kCGzse1Z3gnbZGXeFsj3aeBD7S5xrJQmA UUuHr+Jnqx8K+qvNORlB6hxla4q9finbeBW2NaXMaIKTNHswcpvYzgU+TXRHKVWa Vy33F/C0TeClUr6L0eBHeVaMV9M36Mj11+NxflUt4M1IDpuN/tm0oqqlGbTvKdqk xi5gwtLUlSXpF8MBAqVa9MRlT0Uq5o+9g+cxfzRjS4btcOngxl2Umrgwp49jNjPH oJs3DF9mgH0Dn0dP7tStiU/qLgRpaYH+uIg39ewaoeZK2JBW6gs8Dx9L2njE1P3G JjW6899AlnlBJ1D5FjcfIzfHZ5A58z6N16zeOc1mlLuh2BjvHmYyVQy0MYdyp2Zw S6bqs/sY2qBC8kDjUaAhbx5M3gBqCWeFukKHyFIBwJ3GXJEAKy8sdDqJOfi28O4g xfgII8hufXvgeNRg4mAjkKwpc6b2nfRquIvURg5MJhp3E5FoHV4GZ5aleDNUV78W vx1q8Y6OkAiVNSOxG977 =b/tl -----END PGP SIGNATURE-----