930091 – (CVE-2024-3652) <net-vpn/libreswan-4.15: Denial of Service vulnerability

Bug 930091 (CVE-2024-3652) - <net-vpn/libreswan-4.15: Denial of Service vulnerability

Summary: <net-vpn/libreswan-4.15: Denial of Service vulnerability

Status:	CONFIRMED

Alias:	CVE-2024-3652

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://libreswan.org/security/CVE-20...
Whiteboard:	B3 [glsa?]
Keywords:

Depends on:	930650
Blocks:
	Show dependency tree

Reported:	2024-04-16 06:07 UTC by Hans de Graaff
Modified:	2024-05-11 08:47 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hans de Graaff gentoo-dev

2024-04-16 06:07:36 UTC

===================================================================
CVE-2024-3652: IKEv1 default AH/ESP responder can crash and restart
===================================================================

This alert (and any updates) are available at the following URLs:
https://libreswan.org/security/CVE-2024-3652

The Libreswan Project was notified of an issue that causes libreswan
to crash and restart when it is acting as an IKEv1 responder with
AH/ESP default setting, when no esp= line is present in the connection
configuration. The bug is triggered when after IKEv1 authentication has
succeeded (via Main Mode or Aggressive Mode), a Quick Mode message is
received containing a bogus AES-GMAC proposal.

When such a connection is automatically added on startup using the auto=
keyword, it can cause repeated crashes leading to a Denial of Service.

Severity: Medium
Vulnerable versions : libreswan 3.22 - 4.14
Not vulnerable      : libreswan 3.0 - 3.21, 4.15+, 5.0+

Vulnerability information
=========================
The function compute_proto_keymat() did not handle unexpected proposals
for which the keymat size is 0, such as AES-GMAC which can be used only
with NULL encryption.  The function ends up calling an assertion failure
routine. No Remote Code Execution is possible.

Exploitation
============
The vulnerability can only be exploited when an IKEv1 connection is loaded
without an esp= line. It also requires the peer to have authenticated
itself before it can send the bogus request triggering the issue. IKEv2
connections are not vulnerable.

Workaround
==========
An esp= line using a common IKEv1 algorithm list can be added to all
IKEv1 based connections. An example of such an esp= line could be:

     esp=aes-sha2_512,aes-sha1,aes-sha2_256,aes-md5,3des-sha1,3des-md5

Comment 1 Larry the Git Cow gentoo-dev

2024-05-11 08:47:14 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b74353681dcf6143676b69b7060228f8045c692e

commit b74353681dcf6143676b69b7060228f8045c692e
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2024-05-11 08:46:35 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-11 08:47:05 +0000

    net-vpn/libreswan: drop 4.14
    
    Bug: https://bugs.gentoo.org/930091
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 net-vpn/libreswan/Manifest              |   1 -
 net-vpn/libreswan/libreswan-4.14.ebuild | 136 --------------------------------
 2 files changed, 137 deletions(-)