Bug 927472 (CVE-2024-2357)

Description Hans de Graaff 2024-03-22 07:01:38 UTC

==================================================================
CVE-2024-2357: Missing PreSharedKey for connection can cause crash 
==================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart
under some IKEv2 retransmit scenarios when a connection is configured to use
PreSharedKeys (authby=secret) and the connection cannot find a matching
configured secret. When such a connection is automatically added on startup
using the auto= keyword, it can cause repeated crashes leading to a Denial
of Service.

Severity: Medium
Vulnerable versions : libreswan 4.2 - 4.12
Not vulnerable      : libreswan 4.1,  4.13+, 5.0+

Vulnerability information
=========================
When an IKEv2 state would fail to find its own PreSharedKey (secret) to create
the AUTH payload in the IKE_AUTH Exchange, it would omit sending a packet, but
would not delete the state. When this state is referenced later, it would cause
an assertion failure and crash and restart the pluto daemon.

Exploitation
============
There is no known exploitation. A peer cannot cause this error to happen. Even
if they would change their ID so a PSK cannot found, the connection fail properly
at an earlier state. The vulnerability can only be triggered by a misconfiguration
locally.

Workaround
==========
As a workaround to prevent such a misconfiguration from causing the crash, one can
place an unguessable long random "catch all" secret in /etc/ipsec.secrets, for
example using the following command:

    echo -e "# CVE-2024-2357 workaround\n: PSK \"$(openssl rand -hex 32)\"" >> /etc/ipsec.secrets

This will ensure a PSK secret is always found, but it will always be wrong, and
thus authentication will still properly fail.