Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 698044 (CVE-2019-10155) - <net-vpn/libreswan-3.29: IKEv1 informational exchange packets not integrity checked (CVE-2019-10155)
Summary: <net-vpn/libreswan-3.29: IKEv1 informational exchange packets not integrity c...
Alias: CVE-2019-10155
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on:
Reported: 2019-10-19 14:16 UTC by Torsten Kaiser
Modified: 2020-03-17 14:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+


Note You need to log in before you can comment on or make changes to this bug.
Description Torsten Kaiser 2019-10-19 14:16:41 UTC
As ipsec-tools got broken by stabling openssl-1.1.1d I'm searching for alternitives. As suggests I looked at libreswan and strongswan and found the following message at the top of the libreswan website at :

CVE-2019-10155 IKEv1 informational exchange packets not integrity checked
The Libreswan Project has found a vulnerability in all libreswan versions up to 3.28 (and all openswan versions up to causing IKEv1 informational packets to be processed without first passing the integrity check. Please upgrade to libreswan-3.29 (sig) or use the patch listed with the advisery CVE-2019-10155.

As bug #690204 was closed as WONTFIX with "Dropping this request since libreswan 3.28 and 3.29 have various minor issues that may affect existing connections. 3.30, once released, is going to be the next target." I think this security issue might want to revisit stabling 3.29 even if there are minor issues with it.

Reproducible: Didn't try

Despite the alarmingly red banner on top of the website, it might not be so bad:

There is no known method for exploiting this vulnerability for libreswan.

Due to the missing the integrity check, a concern was investigated to
see if the vulnerability could be used as an oracle to attack the IKE
SA encryption key. Due to the way libreswan has implemented encryption,
using the NSS crypto library, no RSA padding attacks are possible. While
it would be possible to determine the unencrypted message length, this
information yields no useful information to an attacker.
Comment 1 Torsten Kaiser 2019-10-19 14:57:34 UTC
Hrm: Current stable version is 3.27.

Vulnerable versions: libreswan 3.27

By continuing to send these packets, a denial of service attack is possible.
This vulnerability cannot be abused for a remote code execution.
Comment 2 Hans de Graaff gentoo-dev Security 2019-10-27 07:02:47 UTC
Unfortunately 3.28 and 3.29 appear to be broken for some connections (to the point that we're restarting libreswan from cron every couple of hours to keep things working). No upstream bug from our side for that, haven't had time to dig into that yet.

My understanding of CVE-2019-10155 is that it is not something that is high priority to fix. I must have overlooked CVE-2019-12312 because that does look more serious.

I would have hoped that upstream already released a new version by now but they have not done so yet.

I'd appreciate opinions on the way forward: are these security issues bad enough to upgrade and break some VPN connections for people?
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-27 14:44:14 UTC
Stopping stabilization because of maintainer concerns, #2
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-27 14:49:54 UTC
@ maintainer(s): Is there a bug for the problem you experience why stabilization should be blocked? Many distributions already moved to 3.29 (
Comment 5 Hans de Graaff gentoo-dev Security 2019-11-24 06:58:19 UTC
There are no clear bugs upstream although perhaps looks similar. That also contains a possible workaround (in addition to restarting), so let's continue stabilization.
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2019-11-26 01:00:16 UTC
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-11-26 12:28:52 UTC
amd64 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 8 Hans de Graaff gentoo-dev Security 2019-12-03 10:50:31 UTC
Cleanup done.
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-17 14:35:48 UTC
GLSA Vote: No!

Repository is clean, all done.