Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 930091 (CVE-2024-3652)

Summary: <net-vpn/libreswan-4.15: Denial of Service vulnerability
Product: Gentoo Security Reporter: Hans de Graaff <graaff>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: graaff
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://libreswan.org/security/CVE-2024-3652/
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 930650    
Bug Blocks:    

Description Hans de Graaff gentoo-dev Security 2024-04-16 06:07:36 UTC 
===================================================================
CVE-2024-3652: IKEv1 default AH/ESP responder can crash and restart
===================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2024-3652

The Libreswan Project was notified of an issue that causes libreswan
to crash and restart when it is acting as an IKEv1 responder with
AH/ESP default setting, when no esp= line is present in the connection
configuration. The bug is triggered when after IKEv1 authentication has
succeeded (via Main Mode or Aggressive Mode), a Quick Mode message is
received containing a bogus AES-GMAC proposal.

When such a connection is automatically added on startup using the auto=
keyword, it can cause repeated crashes leading to a Denial of Service.

Severity: Medium
Vulnerable versions : libreswan 3.22 - 4.14
Not vulnerable      : libreswan 3.0 - 3.21, 4.15+, 5.0+

Vulnerability information
=========================
The function compute_proto_keymat() did not handle unexpected proposals
for which the keymat size is 0, such as AES-GMAC which can be used only
with NULL encryption.  The function ends up calling an assertion failure
routine. No Remote Code Execution is possible.

Exploitation
============
The vulnerability can only be exploited when an IKEv1 connection is loaded
without an esp= line. It also requires the peer to have authenticated
itself before it can send the bogus request triggering the issue. IKEv2
connections are not vulnerable.

Workaround
==========
An esp= line using a common IKEv1 algorithm list can be added to all
IKEv1 based connections. An example of such an esp= line could be:

     esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5
Comment 1 Larry the Git Cow gentoo-dev 2024-05-11 08:47:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b74353681dcf6143676b69b7060228f8045c692e

commit b74353681dcf6143676b69b7060228f8045c692e
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-05-11 08:46:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-11 08:47:05 +0000

    net-vpn/libreswan: drop 4.14
    
    Bug: https://bugs.gentoo.org/930091
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 net-vpn/libreswan/Manifest              |   1 -
 net-vpn/libreswan/libreswan-4.14.ebuild | 136 --------------------------------
 2 files changed, 137 deletions(-)