Bugzilla – Bug 943104
VUL-0: CVE-2015-3240: openswan: denial of service via IKE daemon restart when receiving a bad DH gx by peer
Last modified: 2015-10-07 09:00:29 UTC
rh#1232320 Quoting from the RH bugzilla: "If the peer sends us a DH gx value of 0, openswan/libreswan passes it to the NSS library, which returns NULL because it cannot perform DH with 0, which hits a passert() in the swan code. An attacker can keep connecting to the service and perform the bad DH, causing a denial of service." References: https://bugzilla.redhat.com/show_bug.cgi?id=1232320 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3240
bugbot adjusting priority
Public advisory: https://libreswan.org/security/CVE-2015-3240/CVE-2015-3240.txt CVE-2015-3240 libreswan/openswan: denial of service via IKE daemon restart when receiving a bad DH gx by peer URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3240 This alert (and any possible updates) is available at the following URLs: https://libreswan.org/security/CVE-2015-3240/ The Libreswan Project discovered that receiving a g^x value of zero from an unauthenticated remote peer was not handled properly by the pluto IKE daemon, causing the pluto IKE daemon to restart. The vulnerability is present in libreswan and its predecessor openswan. Vulnerable versions: libreswan up to version 3.14 openswan (if compiled with NSS) up to version 2.6.44 Not vulnerable : libreswan 3.15 and newer If you cannot upgrade to libreswan 3.15, please see the above link for a patch for this issue. Vulnerability information ------------------------- The NSS library returns NULL when DiffieHellman exponentiation fails. The IKE daemon pluto verifies that the result is not NULL and triggers a passert() when it is NULL. This causes the IKE daemon pluto to restart. Exploitation ------------ This denial of service can be launched by anyone using a single IKE packet. No authentication credentials are required. No remote code execution is possible through this vulnerability. Libreswan automatically restarts when it crashes. Workaround ---------- There is no workaround. Either upgrade or use the supplied patch in the above listed resource URL. Credits --------- This vulnerability was found by The Libreswan Team. About libreswan (https://libreswan.org/) ---------------------------------------- Libreswan is a free implementation of the Internet Protocol Security (IPsec) suite and Internet Key Exchange (IKE) protocols. It is a descendant (fork) of openswan 2.6.38. IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted network is encrypted by the IPsec gateway machine, and decrypted by the gateway at the other end of the tunnel. The resulting tunnel is a virtual private network (VPN).
Created attachment 650444 [details] libreswan-3.14-cve-2015-3240-dhshared.patch Patch from https://libreswan.org/security/CVE-2015-3240/libreswan-3.14-cve-2015-3240-dhshared.patch.asc (signature wrapper removed)
Possible reproducer quoted from https://bugzilla.redhat.com/show_bug.cgi?id=1232320#c6 > note that using libreswan-3,15 you can test sending a bad g^x by running: > > ipsec start > ipsec auto --add connname > ipsec whack --debug-all --impair-send-zero-gx > ipsec auto --up connname
For Openswan, the changes are here: https://github.com/xelerance/Openswan/pull/141 > This is an openswan specific fix for CVE 2015-3240, whereby an initiator sends an invalid g^x. > This code has been validated against the --impair- option created by the DHR for libreswan. > An automated unit test case may be possible in the future, but currently the unit test cases mock all the crypto. https://github.com/mcr/Openswan/commit/bb2b483b961bf13bbc22c8f3677b7049ee417ebb https://github.com/mcr/Openswan/commit/6445c93f57d69d6d459ffd2f82aadf511d36f03a Fixed in Openswan v2.6.45
> Vulnerable versions: [...] > openswan (if compiled with NSS) up to version 2.6.44 openswan not built with NSS in SLE 11 SP1. openswan not built with NSS in SLE 10 SP3. Not affected, closing.