Bugzilla – Bug 876449
VUL-0: CVE-2014-2891: strongswan DoS
Last modified: 2015-07-10 17:08:48 UTC
UBUNTU:CVE-2014-2891
References:
http://www.debian.org/security/2014/dsa-2922
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-2891.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2891
bugbot adjusting priority
Created attachment 589832
strongswan-4.3.3-5.1.1_asn1_unwrap.patch

Based on a crash report from one of our users we found that strongSwan versions before 5.1.2 are susceptible to a DoS vulnerability. Affected are strongSwan versions 4.3.3 and newer, up to 5.1.1. CVE-2014-2891 has been assigned for this vulnerability.

The bug can be triggered by a crafted ID_DER_ASN1_DN ID payload and is caused by a NULL-pointer dereference when such identities are parsed. If the data of the ID payload is exactly two bytes long and the second byte ranges between 0x81 and 0x84 (or 0x88 depending on sizeof(size_t)) logging or comparing the identity will crash the IKE daemon.

This issue was fixed with 5.1.2 [1] but it went unnoticed that it can be exploited remotely in older releases. Remote code execution is not possible due to this vulnerability.

The attached patch fixes the vulnerability in all affected strongSwan versions and should apply with appropriate hunk offsets.

Please prepare updated releases and patch your installations, but do not yet publicly disclose any information about this vulnerability. We want to give you as a partner enough time to prepare new releases and will publicly disclose the vulnerability on May 5th, 12:00 noon UTC.

Our apologies for the inconvenience.

Kind Regards
Tobias Brunner
strongSwan Developer

[1] http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7817d88e1

The attached patch is available at: http://download.strongswan.org/patches/16_asn1_unwrap_patch/
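The length handling the advisory above turns on, as an added example that is not part of the original report and is not strongSwan's code: a DER header parser that checks the announced number of length octets against the bytes actually remaining before reading them. The function name `der_unwrap`, the result codes and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for der_unwrap(); names are hypothetical, chosen for this example. */
enum { DER_OK = 0, DER_TRUNCATED = -1, DER_BAD_LENGTH = -2 };

/* Parse one DER TLV header; every read is preceded by a check against the bytes that remain. */
int der_unwrap(const uint8_t *buf, size_t len, uint8_t *tag,
               const uint8_t **val, size_t *val_len)
{
    size_t pos = 0, n = 0;

    if (buf == NULL || len < 2)
        return DER_TRUNCATED;          /* need a tag and a first length octet */
    *tag = buf[pos++];
    uint8_t first = buf[pos++];

    if (first & 0x80) {                /* long form: low 7 bits count the length octets */
        size_t num = first & 0x7f;
        if (num == 0 || num > sizeof(size_t))
            return DER_BAD_LENGTH;     /* indefinite form, or too wide for size_t */
        if (num > len - pos)
            return DER_TRUNCATED;      /* announced length octets are not in the input */
        while (num-- > 0)
            n = (n << 8) | buf[pos++];
    } else {
        n = first;                     /* short form: the octet is the length */
    }
    if (n > len - pos)
        return DER_TRUNCATED;          /* value would run past the end of the input */
    *val = buf + pos;
    *val_len = n;
    return DER_OK;
}

int main(void)
{
    /* Constructed inputs: the two-byte shape from the advisory and a well-formed SEQUENCE. */
    const uint8_t two_byte[] = { 0x30, 0x81 };
    const uint8_t good[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    const uint8_t *v = NULL; size_t vl = 0; uint8_t t = 0;

    int r1 = der_unwrap(two_byte, sizeof two_byte, &t, &v, &vl);
    int r2 = der_unwrap(good, sizeof good, &t, &v, &vl);
    printf("two-byte input: %d, well-formed: %d (value length %zu)\n", r1, r2, vl);
    return 0;
}
```

The check `num > len - pos` is the one that rejects the two-byte input: the header promises length octets that the buffer does not contain.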
This is an autogenerated message for OBS integration:
This bug (876449) was mentioned in
https://build.opensuse.org/request/show/233820 12.3 / strongswan
https://build.opensuse.org/request/show/233823 13.1 / strongswan
The SWAMPID for this issue is 57388. This issue was rated as moderate. Please submit fixed packages until 2014-05-28. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
The SLE-10-SP4 version has been submitted but there is a patchinfo waiting for the SP3 package ...
openSUSE-SU-2014:0697-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 870572,876449
CVE References: CVE-2014-2338,CVE-2014-2891
Sources used:
openSUSE 13.1 (src): strongswan-5.1.1-4.1
openSUSE 12.3 (src): strongswan-5.0.1-4.16.1
Update released for: strongswan, strongswan-debuginfo, strongswan-debugsource, strongswan-doc
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: strongswan, strongswan-debuginfo, strongswan-debugsource, strongswan-doc
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0793-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 876449
CVE References: CVE-2014-2891
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): strongswan-4.4.0-6.25.1
SUSE Linux Enterprise Server 11 SP3 (src): strongswan-4.4.0-6.25.1
SUSE Linux Enterprise Desktop 11 SP3 (src): strongswan-4.4.0-6.25.1
All relevant packages were fixed.
SUSE-SU-2015:1228-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 876449,933591
CVE References: CVE-2014-2891,CVE-2015-4171
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): strongswan-4.4.0-6.19.1