Описание
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
A vulnerability was found in libreswan. A malformed packet that is being rejected triggers a logging action that causes a NULL pointer dereference issue, leading to a crash of the pluto daemon.
Меры по смягчению последствий
If all configured connections are using IKEv2, the IKEv1 subsystem can be disabled by adding the option ikev1-policy=drop to the "config setup" section of ipsec.conf. Alternatively, libreswan can be compiled with USE_IKEv1=false. If all remote peers are on static IP addresses, a firewall rule blocking UDP port 500 and 4500 can be installed to prevent attackers from sending packets to the pluto IKE daemon. If peers appear on dynamic IP addresses and IKEv1 connections must be supported, then no workarounds are known, and libreswan must be updated or patched.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libreswan | Not affected | ||
| Red Hat Enterprise Linux 7 | libreswan | Not affected | ||
| Red Hat Enterprise Linux 9 | libreswan | Not affected | ||
| Red Hat Enterprise Linux 8 | libreswan | Fixed | RHSA-2022:0199 | 19.01.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | libreswan | Fixed | RHSA-2022:0239 | 24.01.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
EPSS
7.5 High
CVSS3