
Bug 592002 (CVE-2016-5391)

Summary: <net-misc/libreswan-3.18: IKEv2 bogus proposal lacking DH transform causes restart (CVE-2016-5391)
Product: Gentoo Security
Reporter: Brian Evans (RETIRED) <grknight>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: floppym, graaff
Priority: Normal
Flags: kensington: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa]
Package list:
=net-misc/libreswan-3.18
Runtime testing required: ---

Description Brian Evans (RETIRED) gentoo-dev 2016-08-24 12:48:37 UTC
Release date: Monday Jul 25, 2016

CVE-2016-5391 IKEv2 bogus proposal lacking DH transform causes restart

URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-5391

This alert (and any possible updates) is available at the following URLs:
https://libreswan.org/security/CVE-2016-5391/

The Libreswan Project has found a vulnerability in processing IKEv2
proposals that miss a Diffie-Hellman transform for the IKE SA. A NULL
pointer dereference causes the pluto IKE daemon to crash and restart.
No remote code execution is possible.

Vulnerable versions: libreswan 3.17
Not vulnerable     : all other versions of libreswan

If you cannot upgrade to 3.18, please see the above link for a patch for
this issue.

Vulnerability information
=========================

The IKE SA negotiation requires a Diffie-Hellman group to be agreed upon.
This payload is mandatory for all IKE SA proposals during the IKE_INIT
Exchange Type. It is only optional for the CREATE_CHILD_SA Exchange
Type, where PFS is optional.

Libreswan version 3.17 does not properly reject a proposal in IKE_INIT
Exchange that lacks a Diffie-Hellman group. It dereferences a NULL
pointer causing a crash and restart.

Exploitation
============

A denial of service can be launched by anyone repeatedly sending such
IKE packets.

No authentication credentials are required. No remote code execution is
possible through this vulnerability. Libreswan automatically restarts when
it crashes.

Workaround
==========

There is no workaround. Either upgrade or use the supplied patch in the
above listed resource URL.

Credits
=======

This vulnerability was found by the Libreswan Project when performing
interop tests with strongswan version 5.4.0 which can transmit these
bogus proposals. It has been assigned strongSwan issue #2051.

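The check the advisory describes, as an added example that is not libreswan's own code: a minimal C routine that walks an IKEv2 proposal substructure (RFC 7296 layout; the constants and transform IDs are assumed here) and refuses an IKE_SA_INIT proposal that carries no D-H transform before any DH code could dereference a missing group, while still allowing such a proposal in CREATE_CHILD_SA. The two sample proposals are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* IKEv2 values from RFC 7296 (defined here; not libreswan's own headers). */
#define IKE_SA_INIT         34
#define CREATE_CHILD_SA     36
#define IKEv2_TRANS_TYPE_DH  4
/* Scan one proposal substructure (8-byte header: last/more, reserved, length,
 * proposal#, protocol, SPI size, #transforms; then SPI and transform
 * substructures) for a D-H transform: 1 present, 0 absent, -1 malformed. */
int proposal_has_dh(const uint8_t *buf, size_t len)
{
    if (len < 8) return -1;
    size_t prop_len = ((size_t)buf[2] << 8) | buf[3];
    if (prop_len < 8 || prop_len > len) return -1;
    size_t off = 8 + buf[6];                 /* skip header and SPI */
    for (unsigned i = 0; i < buf[7]; i++) {
        if (off + 8 > prop_len) return -1;   /* truncated transform */
        size_t tlen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (tlen < 8 || off + tlen > prop_len) return -1;
        if (buf[off + 4] == IKEv2_TRANS_TYPE_DH) return 1;
        off += tlen;                         /* skip transform + attributes */
    }
    return 0;
}
/* Gate run before a proposal reaches the D-H code: in IKE_SA_INIT a proposal
 * without a D-H transform is rejected (the case 3.17 mishandled); in
 * CREATE_CHILD_SA the transform is optional because PFS is optional. */
bool ike_proposal_acceptable(uint8_t exchange, const uint8_t *buf, size_t len)
{
    int dh = proposal_has_dh(buf, len);
    if (dh < 0) return false;                /* never accept malformed input */
    return exchange != IKE_SA_INIT || dh == 1;
}
/* Constructed samples, protocol IKE (1), no SPI. Transform IDs used:
 * ENCR_3DES=3, PRF_HMAC_SHA2_256=5, AUTH_HMAC_SHA2_256_128=12, MODP2048=14. */
const uint8_t bogus_ike_proposal[] = {
    0x00, 0x00, 0x00, 0x20, 0x01, 0x01, 0x00, 0x03,
    0x03, 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x03,  /* ENCR */
    0x03, 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x05,  /* PRF */
    0x00, 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x0c,  /* INTEG; no D-H */
};
const uint8_t good_ike_proposal[] = {
    0x00, 0x00, 0x00, 0x28, 0x01, 0x01, 0x00, 0x04,
    0x03, 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x03,
    0x03, 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x05,
    0x03, 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x0c,
    0x00, 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x0e,  /* D-H group 14 */
};
```

The malformed-input branch matters as much as the missing-transform one: a length field that overruns the buffer is reported as -1 and refused in both exchange types, so the gate never passes an unparseable proposal onward.
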
Comment 1 Mike Gilbert gentoo-dev 2016-08-25 21:54:26 UTC
I added 3.18 to the gentoo repository, though I no longer have any means to test it. I can only assume it is safe to stabilize.
Comment 2 Hans de Graaff gentoo-dev Security 2016-10-02 07:53:21 UTC
I have just updated our production server to libreswan 3.18 and it seems to work as expected.
Comment 3 Agostino Sarubbo gentoo-dev 2016-12-20 08:53:14 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-12-20 09:08:50 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-23 13:09:56 UTC
@ Security: Please vote!
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2016-12-27 08:23:41 UTC
GLSA Vote: No