Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 238534 (CVE-2008-4551) - net-misc/strongswan <4.2.7 charon Key Exchange DoS (CVE-2008-4551)
Summary: net-misc/strongswan <4.2.7 charon Key Exchange DoS (CVE-2008-4551)
Status: RESOLVED FIXED
Alias: CVE-2008-4551
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://labs.mudynamics.com/advisories...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-09-24 02:01 UTC by Robert Buchholz (RETIRED)
Modified: 2008-10-21 14:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-09-24 02:01:05 UTC
musecurity wrote:

strongSwan IKEv2 Denial-of-Service Vulnerability [MU-200809-01]
September 18, 2008

http://labs.mudynamics.com/advisories.html

Affected Products/Versions:

strongswan 4.2.6 and other branches

Product Overview:
strongSwan is an Open Source IPsec-based VPN Solution for the Linux operating system.

www.strongswan.org

Vulnerability Details:

An IKE_SA_INIT message with a Key Exchange payload containing a large number of
NULL values can cause a crash of the IKEv2 charon daemon. The problem is 
strongSwan dereferences a NULL pointer returned by the mpz_export() function
of the GNU Multiprecision Library (GMP).

Vendor Response / Solution:

Fixed in strongSwan 4.2.7 and other branches.
Available from www.strongswan.org/

History:

September 16, 2008 - First contact with vendor
September 17, 2008 - Vendor releases fix

See also:

http://wiki.strongswan.org/changeset/4345

Credit:

This vulnerability was discovered by the Mu Dynamics research team.
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-09-24 02:48:54 UTC
4.2.7 in CVS.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-09-24 16:03:58 UTC
It seems this does not affect our stable 2.8.0, since the code is not present there.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-10-21 14:35:31 UTC
======================================================
Name: CVE-2008-4551
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4551
Reference: MISC:http://labs.mudynamics.com/advisories/MU-200809-01.txt
Reference: CONFIRM:http://download.strongswan.org/CHANGES4.txt
Reference: BID:31291
Reference: URL:http://www.securityfocus.com/bid/31291
Reference: FRSIRT:ADV-2008-2660
Reference: URL:http://www.frsirt.com/english/advisories/2008/2660
Reference: SECTRACK:1020903
Reference: URL:http://www.securitytracker.com/id?1020903
Reference: SECUNIA:31963
Reference: URL:http://secunia.com/advisories/31963

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial
of service (daemon crash) via an IKE_SA_INIT message with a large
number of NULL values in a Key Exchange payload, which triggers a NULL
pointer dereference for the return value of the mpz_export function in
the GNU Multiprecision Library (GMP).