-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Release date: Wednesday, May 3, 2023 Contact: security@libreswan.org PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9 =========================================================================== CVE-2023-30570: Malicious IKEv1 Aggressive Mode packets can crash libreswan =========================================================================== This alert (and any updates) are available at the following URLs: https://libreswan.org/security/CVE-2023-30570/ The Libreswan Project was notified by github user "XU-huai" of an issue with receiving a malformed IKEv1 Aggressive Mode packet that would cause a crash and restart of the libreswan pluto daemon. When sent continuously, this could lead to a denial of service attack. Vulnerable versions : libreswan 3.28 - 4.10 Not vulnerable : libreswan 3.0 - 3.27, 4.11+ Vulnerability information ========================= When an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender re-uses the libreswan responder SPI, the pluto daemon state machine crashes. No remote code execution is possible. Exploitation ============ This vulnerability requires that pluto is configured with at least one potentially matching IKEv1 Aggressive Mode connection. Per default, pluto only accepts IKEv2 packets. When IKEv1 is enabled, only Main Mode packets are accepted unless the connection is configured explicitely with aggressive=yes or via its older name aggrmode=yes. When an IKEv1 Aggressive Mode connection is enabled, a malicious peer needs to send an IKEv1 Aggressive Mode packet with an unsupported algorithm, such as DH2. Then the malicious peer needs to be able to receive the reply so it can resend the packet with the received responder SPI added to cause the libreswan pluto daemon to crash and restart. The vulnerable code has been in the code base since 2003 (then still named "openswan") but only became reachable since an IKEv1 Aggressive Mode change that was introduced in libreswan 3.28. Workaround ========== IKEv1 Aggressive Mode connections could be converted to IKEv2 or IKEv1 Main Mode connections. If this is not feasable, patching or upgrading is the only other alternative. History ======= * 2003 Vulnerable code introduced in openswan-1.0.0 but unreachable * 2022-04-25 IKEv1 Aggresive Mode change caused vulnerable code to be reachable * 2023-03-16 Initial report via https://github.com/libreswan/libreswan/issues/1039 * 2023-04-16 Prerelease of CVE notification and patches to support customers * 2023-05-03 Release of patch and libreswan 4.11 Credits ======= This vulnerability was found and reported by github user XU-huai Upgrading ========= To address this vulnerability, please upgrade to libreswan 4.11 or later. For those who cannot upgrade, patches are provided at the above URL. About libreswan (https://libreswan.org/) ======================================== Libreswan is a free implementation of the Internet Key Exchange (IKE) protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of openswan 2.6.38. IKE is used to establish IPsec VPN connections. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN). Patches ======= Due to the size of the patch, it is not included inline to this advisory. -----BEGIN PGP SIGNATURE----- iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmRSzNYTHHRlYW1AbGli cmVzd2FuLm9yZwAKCRCF/0tDsw/G+Z88D/9YuPoEvk7cMrSN7jV0z9liNiAR/gYB gj8CjXkIw4mNaQIcpvhArlFMYov0MXh+nOJDiALx6/dsb6nvgzg/vvVOSU5jSRtg cEC8STA/rvLRSlj5mChKNAayVUmSgOxSg4AFr6zvG+/iQzC3vT2mlmwLXVKw5F+n Nn00Ov1EklqCRlSBUYhuKY2zyhRfxPajZW9s8VcKiUs36qzTjjp/EsUTln3uNHk4 nFIL+6cxEkUIVKtfZVpoB/zLg73tsnUEAdKeXl0H3BqLLohrbkPNEYh7HZsxrD1v g8Z/omf41wfN9p/JJkMK84qN55Nis90TiU5esf4gnl0vOf1dH4vMd7a082ee07UC wPeDL2zpxviIGdnFFzXOnlj88Xa7FsAcB7XU5wcpQcN9GFn8YbiSQvRbKFrrmpNf 10JXYPbMTze8QdrXI4E6mXGbgs9i4BxqYNrSFv0Xuyth+LSAL499adH+SZcG0kc2 XiQ1ZmGqBtQg68CPUdhuP1C4mixwTZ6wJQOyZlagebTDgJVPx52aSYAqoeakTzJ5 YpnVsYBbZXRZTvRasR9sdLp6ZiIzmIy3TF40GwoKvVWKburAaLp53FW2/s5Tvb5G BzlFcusnGd4xteUQklfOow4NJZZxUlEljQgu+yKZaNziYngaFwsy/shfM3STNlth 1mSorpVmVanqiw== =DgY+ -----END PGP SIGNATURE-----