905856 – (CVE-2023-30570) <net-vpn/libreswan-4.11: Malicious IKEv1 Aggressive Mode packets can crash libreswan

Bug 905856 (CVE-2023-30570) - <net-vpn/libreswan-4.11: Malicious IKEv1 Aggressive Mode packets can crash libreswan

Summary: <net-vpn/libreswan-4.11: Malicious IKEv1 Aggressive Mode packets can crash li...

Status:	IN_PROGRESS

Alias:	CVE-2023-30570

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	908647
Blocks:	CVE-2023-23009
	Show dependency tree

Reported:	2023-05-07 06:07 UTC by Hans de Graaff
Modified:	2023-06-19 15:07 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hans de Graaff gentoo-dev

2023-05-07 06:07:19 UTC

===========================================================================
CVE-2023-30570: Malicious IKEv1 Aggressive Mode packets can crash libreswan
===========================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2023-30570/

The Libreswan Project was notified by github user "XU-huai" of an
issue with receiving a malformed IKEv1 Aggressive Mode packet that
would cause a crash and restart of the libreswan pluto daemon. When
sent continuously, this could lead to a denial of service attack.

Vulnerable versions : libreswan 3.28 - 4.10
Not vulnerable      : libreswan 3.0 - 3.27, 4.11+

Vulnerability information
=========================
When an IKEv1 Aggressive Mode packet is received with only unacceptable
crypto algorithms, the response packet is not sent with a zero responder
SPI. When a subsequent packet is received where the sender re-uses the
libreswan responder SPI, the pluto daemon state machine crashes. No
remote code execution is possible.

Exploitation
============
This vulnerability requires that pluto is configured with at least one
potentially matching IKEv1 Aggressive Mode connection. Per default,
pluto only accepts IKEv2 packets. When IKEv1 is enabled, only Main Mode
packets are accepted unless the connection is configured explicitely
with aggressive=yes or via its older name aggrmode=yes.

When an IKEv1 Aggressive Mode connection is enabled, a malicious peer
needs to send an IKEv1 Aggressive Mode packet with an unsupported
algorithm, such as DH2.  Then the malicious peer needs to be able to
receive the reply so it can resend the packet with the received responder
SPI added to cause the libreswan pluto daemon to crash and restart.

The vulnerable code has been in the code base since 2003 (then still
named "openswan") but only became reachable since an IKEv1 Aggressive
Mode change that was introduced in libreswan 3.28.

Workaround
==========
IKEv1 Aggressive Mode connections could be converted to IKEv2 or IKEv1 Main Mode
connections. If this is not feasable, patching or upgrading is the only other
alternative.

Comment 1 Hans de Graaff gentoo-dev

2023-05-07 06:10:09 UTC

Aggressive mode is the that all security guides tell you to turn off because it also has structural security issues, so I guess the number of installations actually affected by this is small.

In any case, libreswan 4.11 has been added.

Comment 2 John Helmert III archtester

2023-05-08 04:40:31 UTC

Thanks! Please stable 4.11 when ready.

Comment 3 John Helmert III archtester

2023-06-19 02:55:04 UTC

Thanks! Please cleanup

Comment 4 Hans de Graaff gentoo-dev

2023-06-19 04:57:07 UTC

Cleanup done.