As ipsec-tools got broken by stabling openssl-1.1.1d I'm searching for alternitives. As https://bugs.gentoo.org/show_bug.cgi?id=674460#c16 suggests I looked at libreswan and strongswan and found the following message at the top of the libreswan website at https://libreswan.org/ :
CVE-2019-10155 IKEv1 informational exchange packets not integrity checked
The Libreswan Project has found a vulnerability in all libreswan versions up to 3.28 (and all openswan versions up to 22.214.171.124) causing IKEv1 informational packets to be processed without first passing the integrity check. Please upgrade to libreswan-3.29 (sig) or use the patch listed with the advisery CVE-2019-10155.
As bug #690204 was closed as WONTFIX with "Dropping this request since libreswan 3.28 and 3.29 have various minor issues that may affect existing connections. 3.30, once released, is going to be the next target." I think this security issue might want to revisit stabling 3.29 even if there are minor issues with it.
Reproducible: Didn't try
Despite the alarmingly red banner on top of the website, it might not be so bad:
There is no known method for exploiting this vulnerability for libreswan.
Due to the missing the integrity check, a concern was investigated to
see if the vulnerability could be used as an oracle to attack the IKE
SA encryption key. Due to the way libreswan has implemented encryption,
using the NSS crypto library, no RSA padding attacks are possible. While
it would be possible to determine the unencrypted message length, this
information yields no useful information to an attacker.
Hrm: Current stable version is 3.27.
Vulnerable versions: libreswan 3.27
By continuing to send these packets, a denial of service attack is possible.
This vulnerability cannot be abused for a remote code execution.
Unfortunately 3.28 and 3.29 appear to be broken for some connections (to the point that we're restarting libreswan from cron every couple of hours to keep things working). No upstream bug from our side for that, haven't had time to dig into that yet.
My understanding of CVE-2019-10155 is that it is not something that is high priority to fix. I must have overlooked CVE-2019-12312 because that does look more serious.
I would have hoped that upstream already released a new version by now but they have not done so yet.
I'd appreciate opinions on the way forward: are these security issues bad enough to upgrade and break some VPN connections for people?
Stopping stabilization because of maintainer concerns, #2
@ maintainer(s): Is there a bug for the problem you experience why stabilization should be blocked? Many distributions already moved to 3.29 (https://repology.org/project/libreswan/versions)...
There are no clear bugs upstream although perhaps https://github.com/libreswan/libreswan/issues/270 looks similar. That also contains a possible workaround (in addition to restarting), so let's continue stabilization.
Maintainer(s), please cleanup.
Security, please vote.
GLSA Vote: No!
Repository is clean, all done.