Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 558692 (CVE-2015-3240) - <net-misc/libreswan-3.15: denial of service via IKE daemon restart when receiving a bad DH gx by peer (CVE-2015-3240)
Summary: <net-misc/libreswan-3.15: denial of service via IKE daemon restart when recei...
Status: RESOLVED FIXED
Alias: CVE-2015-3240
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal with 1 vote (vote)
Assignee: Gentoo Security
URL: https://libreswan.org/security/CVE-20...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-25 11:30 UTC by Darko Luketic
Modified: 2016-03-12 23:25 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Darko Luketic 2015-08-25 11:30:13 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2015-3240 libreswan/openswan: denial of service via IKE daemon restart
              when receiving a bad DH gx by peer 

URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3240

This alert (and any possible updates) is available at the following URLs:
https://libreswan.org/security/CVE-2015-3240/

The Libreswan Project discovered that receiving a g^x value of zero from
an unauthenticated remote peer was not handled properly by the pluto IKE
daemon, causing the pluto IKE daemon to restart. The vulnerability is
present in libreswan and its predecessor openswan.


Vulnerable versions: libreswan up to version 3.14
                     openswan (if compiled with NSS) up to version 2.6.44
Not vulnerable     : libreswan 3.15 and newer

If you cannot upgrade to libreswan 3.15, please see the above link for a
patch for this issue.

Vulnerability information
- -------------------------

The NSS library returns NULL when DiffieHellman exponentiation fails. The
IKE daemon pluto verifies that the result is not NULL and triggers a
passert() when it is NULL. This causes the IKE daemon pluto to restart.

Exploitation
- ------------

This denial of service can be launched by anyone using a single IKE packet.
No authentication credentials are required. No remote code execution is
possible through this vulnerability. Libreswan automatically restarts when
it crashes.

Workaround
- ----------

There is no workaround. Either upgrade or use the supplied patch in the
above listed resource URL.

Credits
- ---------

This vulnerability was found by The Libreswan Team.

About libreswan (https://libreswan.org/)
- ----------------------------------------

Libreswan is a free implementation of the Internet Protocol Security
(IPsec) suite and Internet Key Exchange (IKE) protocols. It is a
descendant (fork) of openswan 2.6.38.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).
Comment 1 Mike Gilbert gentoo-dev 2015-08-25 19:50:27 UTC
I have added libreswan-3.15 to the gentoo repository. Should be ok to stabilize it.
Comment 2 Agostino Sarubbo gentoo-dev 2015-08-26 07:03:09 UTC
Arches, please test and mark stable:
=net-misc/libreswan-3.15
Target keywords : "amd64 x86"
Comment 3 Agostino Sarubbo gentoo-dev 2015-08-26 07:11:43 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-08-26 07:12:08 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-31 03:20:59 UTC
Arches, Thank you for your work.
GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).
Comment 6 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-31 05:58:44 UTC
(In reply to Yury German from comment #5)
> Arches, Thank you for your work.
> GLSA Vote: No

Revising, due to GLSA in a more serious version. Adding to existing GLSA.

Maintainer(s), please drop the vulnerable version(s).
Comment 7 Yury German Gentoo Infrastructure gentoo-dev Security 2016-01-26 04:00:00 UTC
It has been 30 days since cleanup was requested.
Maintainer(s), please drop the vulnerable version(s).
Comment 8 Mike Gilbert gentoo-dev 2016-01-26 17:11:03 UTC
(In reply to Yury German from comment #7)
> It has been 30 days since cleanup was requested.
> Maintainer(s), please drop the vulnerable version(s).

Done.

I get a lot of bugmail, so it's not always the most effective way to get my attention.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev Security 2016-02-25 08:45:23 UTC
Maintainer(s), Thank you for your work.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2016-03-12 23:25:32 UTC
This issue was resolved and addressed in
 GLSA 201603-13 at https://security.gentoo.org/glsa/201603-13
by GLSA coordinator Kristian Fiskerstrand (K_F).