Release date: Monday Jul 25, 2016
CVE-2016-5391 IKEv2 bogus proposal lacking DH transform causes restart
This alert (and any possible updates) is available at the following URLs:
The Libreswan Project has found a vulnerability in the processing of IKEv2
proposals that lack a Diffie-Hellman transform for the IKE SA. A NULL
pointer dereference causes the pluto IKE daemon to crash and restart.
No remote code execution is possible.
Vulnerable versions: libreswan 3.17
Not vulnerable: all other versions of libreswan
If you cannot upgrade to 3.18, please see the above link for a patch for
The IKE SA negotiation requires a Diffie-Hellman group to be agreed upon.
A Diffie-Hellman transform is therefore mandatory in every IKE SA proposal
sent in the IKE_INIT (RFC 7296: IKE_SA_INIT) exchange. It is only optional
in the CREATE_CHILD_SA exchange, where PFS for the Child SA is optional.
Libreswan 3.17 does not reject an IKE_INIT proposal that lacks a
Diffie-Hellman transform. Pluto then dereferences a NULL pointer, crashes,
and restarts.
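The check that was missing in 3.17, as an added example (this is not libreswan's code and does not follow pluto's internal structures): a bounds-checked walk over the proposal and transform substructures of an IKEv2 SA payload (RFC 7296 section 3.3) that rejects any IKE-protocol proposal carrying no Diffie-Hellman transform before anything is looked up or dereferenced. It goes slightly beyond the advisory text by keying on the Protocol ID rather than the exchange type: RFC 7296 section 3.3.3 makes D-H mandatory for protocol IKE and optional for ESP/AH, which is exactly why a missing group is legitimate only for a Child SA (no PFS). The sample payloads are constructed inline, not captured traffic; the transform IDs used are the IANA values for AES-CBC (12), PRF_HMAC_SHA2_256 (5), AUTH_HMAC_SHA2_256_128 (12) and MODP-2048 (group 14).

```c
/* Added example: validate IKEv2 SA payload proposals (RFC 7296 s3.3).
 * Not libreswan code; layouts are the RFC wire formats. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PROTO_IKE      1   /* Protocol ID codes, RFC 7296 s3.3.1 */
#define PROTO_ESP      3
#define TRANS_TYPE_DH  4   /* Transform Type codes, RFC 7296 s3.3.2 */

enum sa_check {
    SA_OK = 0,           /* every IKE proposal carries a D-H transform */
    SA_NO_DH_TRANSFORM,  /* an IKE proposal has no D-H transform: reject */
    SA_MALFORMED         /* lengths/flags inconsistent: drop the message */
};

static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Walk `ntrans` transform substructures in [p, p+len). Returns 1 if one of
 * type `wanted` is present, 0 if none, -1 if the encoding is malformed. */
static int proposal_has_transform(const uint8_t *p, size_t len,
                                  unsigned ntrans, uint8_t wanted)
{
    int found = 0;
    for (unsigned i = 0; i < ntrans; i++) {
        if (len < 8) return -1;                       /* fixed header */
        uint16_t tlen = get16(p + 2);
        if (tlen < 8 || tlen > len) return -1;        /* never trust length */
        uint8_t more = p[0];                          /* 0 = last, 3 = more */
        if (i + 1 == ntrans ? more != 0 : more != 3) return -1;
        if (p[4] == wanted) found = 1;                /* Transform Type */
        p += tlen; len -= tlen;
    }
    return len == 0 ? found : -1;                     /* no trailing bytes */
}

/* `body` is the SA payload body (after the 4-byte generic payload header). */
enum sa_check check_sa_payload(const uint8_t *body, size_t len)
{
    while (len > 0) {
        if (len < 8) return SA_MALFORMED;
        uint16_t plen = get16(body + 2);
        uint8_t more = body[0], proto = body[5], spi_size = body[6], ntrans = body[7];
        if ((more != 0 && more != 2) || plen < 8u + spi_size || plen > len)
            return SA_MALFORMED;
        if ((more == 0) != (plen == len)) return SA_MALFORMED; /* last/more flag vs. bytes */
        int has_dh = proposal_has_transform(body + 8 + spi_size,
                                            plen - 8 - spi_size, ntrans, TRANS_TYPE_DH);
        if (has_dh < 0) return SA_MALFORMED;
        /* The IKE SA must always agree a group; ESP/AH without D-H just means no PFS. */
        if (proto == PROTO_IKE && !has_dh) return SA_NO_DH_TRANSFORM;
        body += plen; len -= plen;
    }
    return SA_OK;
}

/* Constructed sample payload bodies (not captured traffic). */
static const uint8_t ike_ok[] = {
    0x00,0x00,0x00,0x2C, 0x01,0x01,0x00,0x04,            /* last, IKE, 4 transforms */
    0x03,0x00,0x00,0x0C, 0x01,0x00,0x00,0x0C, 0x80,0x0E,0x00,0x80, /* ENCR AES-CBC-128 */
    0x03,0x00,0x00,0x08, 0x02,0x00,0x00,0x05,            /* PRF HMAC-SHA2-256 */
    0x03,0x00,0x00,0x08, 0x03,0x00,0x00,0x0C,            /* INTEG HMAC-SHA2-256-128 */
    0x00,0x00,0x00,0x08, 0x04,0x00,0x00,0x0E,            /* D-H group 14, last */
};
static const uint8_t ike_no_dh[] = {                     /* the bogus proposal */
    0x00,0x00,0x00,0x24, 0x01,0x01,0x00,0x03,
    0x03,0x00,0x00,0x0C, 0x01,0x00,0x00,0x0C, 0x80,0x0E,0x00,0x80,
    0x03,0x00,0x00,0x08, 0x02,0x00,0x00,0x05,
    0x00,0x00,0x00,0x08, 0x03,0x00,0x00,0x0C,            /* INTEG is last: no D-H */
};
static const uint8_t esp_no_pfs[] = {
    0x00,0x00,0x00,0x28, 0x01,0x03,0x04,0x03,            /* ESP, 4-byte SPI, 3 transforms */
    0xDE,0xAD,0xBE,0xEF,                                 /* SPI (constructed) */
    0x03,0x00,0x00,0x0C, 0x01,0x00,0x00,0x0C, 0x80,0x0E,0x00,0x80,
    0x03,0x00,0x00,0x08, 0x03,0x00,0x00,0x0C,
    0x00,0x00,0x00,0x08, 0x05,0x00,0x00,0x00,            /* ESN: none, last */
};

enum sa_check check_ike_proposal_ok(void)    { return check_sa_payload(ike_ok, sizeof ike_ok); }
enum sa_check check_ike_proposal_no_dh(void) { return check_sa_payload(ike_no_dh, sizeof ike_no_dh); }
enum sa_check check_esp_proposal_no_pfs(void){ return check_sa_payload(esp_no_pfs, sizeof esp_no_pfs); }
/* Truncated copy: header claims 44 bytes, only 20 are present. */
enum sa_check check_truncated_proposal(void) { return check_sa_payload(ike_ok, 20); }

int main(void)
{
    printf("IKE with D-H:     %d\n", check_ike_proposal_ok());
    printf("IKE without D-H:  %d\n", check_ike_proposal_no_dh());
    printf("ESP without PFS:  %d\n", check_esp_proposal_no_pfs());
    printf("truncated:        %d\n", check_truncated_proposal());
    return 0;
}
```

Returning SA_NO_DH_TRANSFORM here lets the caller answer with NO_PROPOSAL_CHOSEN and leave the half-open state alone; the crash the advisory describes is what happens when the proposal is instead accepted and a group descriptor that was never resolved is dereferenced later.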
A denial of service can be launched by anyone repeatedly sending such
No authentication credentials are required. No remote code execution is
possible through this vulnerability. Libreswan automatically restarts when
There is no workaround. Either upgrade or use the supplied patch in the
above listed resource URL.
This vulnerability was found by the Libreswan Project when performing
interop tests with strongSwan version 5.4.0, which can transmit these
bogus proposals. It has been assigned strongSwan issue #2051.
I added 3.18 to the Gentoo repository, though I no longer have any means to test it. I can only assume it is safe to stabilize.
I have just updated our production server to libreswan 3.18 and it seems to work as expected.
Maintainer(s), please clean up.
@ Security: Please vote!
GLSA Vote: No