Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 592002 (CVE-2016-5391) - <net-misc/libreswan-3.18: IKEv2 bogus proposal lacking DH transform causes restart (CVE-2016-5391)
Summary: <net-misc/libreswan-3.18: IKEv2 bogus proposal lacking DH transform causes re...
Alias: CVE-2016-5391
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2016-08-24 12:48 UTC by Brian Evans
Modified: 2016-12-27 08:23 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---
kensington: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Brian Evans Gentoo Infrastructure gentoo-dev 2016-08-24 12:48:37 UTC
Release date: Monday Jul 25, 2016

CVE-2016-5391 IKEv2 bogus proposal lacking DH transform causes restart


This alert (and any possible updates) is available at the following URLs:

The Libreswan Project has found a vulnerability in processing IKEv2
proposals that miss a Diffie-Hellman transform for the IKE SA. A NULL
pointer dererefence causes the pluto IKE daemon to crash and restart.
No remote code execution is possible.

Vulnerable versions: libreswan 3.17
Not vulnerable     : all other versions of libreswan

If you cannot upgrade to 3.18, please see the above link for a patch for
this issue.

Vulnerability information

The IKE SA negotiation requires a Diffie-Hellman group to be agreed upon.
This payload is mandatory for all IKE SA proposals during the IKE_INIT
Exchange Type. It is only optional for the CREATE_CHILD_SA Exchange
Type, where PFS is optional.

Libreswan version 3.17 does not properly reject a proposal in IKE_INIT
Exchange that lacks a Diffie-Hellman group. It dereferences a NULL
pointer causing a crash and restart.


A denial of service can be launched by anyone repeatedly sending such
IKE packets.

No authentication credentials are required. No remote code execution is
possible through this vulnerability. Libreswan automatically restarts when
it crashes.


There is no workaround. Either upgrade or use the supplied patch in the
above listed resource URL.


This vulnerability was found by the Libreswan Project when performing
interop tests with strongswan version 5.4.0 which can transmit these
bogus proposals. It has been assigned strongSwan issue #2051
Comment 1 Mike Gilbert gentoo-dev 2016-08-25 21:54:26 UTC
I added 3.18 to the gentoo repository, though I no longer have any means to test it. I can only assume it is safe to stabilize.
Comment 2 Hans de Graaff gentoo-dev 2016-10-02 07:53:21 UTC
I have just updated our production server to libreswan 3.18 and it seems to work as expected.
Comment 3 Agostino Sarubbo gentoo-dev 2016-12-20 08:53:14 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2016-12-20 09:08:50 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 5 Thomas Deutschmann gentoo-dev Security 2016-12-23 13:09:56 UTC
@ Security: Please vote!
Comment 6 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-12-27 08:23:41 UTC
GLSA Vote: No