Description
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler hits an assertion failure, and libreswan crashes and restarts. IKEv2 connections are not affected.
A flaw was found in Libreswan: an assertion failure in the compute_proto_keymat() function. It can be triggered when an IKEv1 connection is loaded with the AH/ESP default setting, that is, when no esp= line is present in the connection. An authenticated attacker can send a bogus AES-GMAC proposal request, triggering the issue and causing Libreswan to crash and restart. When this connection is automatically added on startup using the auto= keyword, it can cause repeated crashes, leading to a denial of service. No remote code execution is possible.
Report
The CVE-2024-3652 vulnerability in Libreswan is classified as a moderate severity issue due to its limited scope and impact. While the vulnerability can lead to Denial of Service (DoS) by causing the Libreswan service to crash and restart, it does not allow for Remote Code Execution or expose sensitive data. Additionally, exploitation requires specific conditions to be met: an IKEv1 connection loaded without an esp= line, and a peer that has authenticated itself. Furthermore, IKEv2 connections are not vulnerable to this issue.
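A configuration audit for the condition described above, as an added example that is not part of the advisory or of Libreswan: it lists IKEv1 connections in ipsec.conf-style text that have no esp= line, together with their auto= value. It assumes IKEv1 is selected with keyexchange=ikev1 or ikev2=no/never and that phase2alg= is an older alias of esp=; it does not follow also= or include directives, and the hypothetical ikev1_by_default flag is for versions where an unmarked connection negotiates IKEv1.

```python
import re

# Constructed sample ipsec.conf; names and values (including the esp= list) are illustrative.
SAMPLE_CONF = """\
conn %default
    authby=secret
conn legacy-site
    keyexchange=ikev1
    auto=start
conn legacy-pinned
    ikev2=no
    esp=aes256-sha2_256
    auto=add
conn modern
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {option: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif line[0] in " \t" and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
        else:
            current = None                        # "config setup" or other section
    return conns

def exposed_conns(text, ikev1_by_default=False):
    """List (conn, auto) for IKEv1 conns with no esp= line, own or from %default."""
    conns = parse_conns(text)
    default = conns.pop("%default", {})
    findings = []
    for name, opts in conns.items():
        merged = {**default, **opts}
        kx, v2 = (merged.get(k, "").lower() for k in ("keyexchange", "ikev2"))
        explicit_v1 = kx == "ikev1" or v2 in ("no", "never")
        explicit_v2 = kx == "ikev2" or v2 in ("yes", "insist")
        is_v1 = explicit_v1 or (ikev1_by_default and not explicit_v2)
        # Assumption: phase2alg= is accepted as an older alias of esp=.
        if is_v1 and not {"esp", "phase2alg"} & merged.keys():
            findings.append((name, merged.get("auto", "ignore")))
    return findings
```

Connections reported with auto=start or auto=add are the ones loaded on startup, which is the repeated-crash case the description mentions.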
Mitigation
An esp= line using a common IKEv1 algorithm list can be added to all IKEv1 based connections. An example of such an esp= line could be:
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | libreswan | Affected | ||
Red Hat Enterprise Linux 6 | libreswan | Not affected | ||
Red Hat Enterprise Linux 7 | libreswan | Out of support scope | ||
Red Hat Enterprise Linux 8 | libreswan | Fixed | RHSA-2024:4376 | 08.07.2024 |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | libreswan | Fixed | RHSA-2024:4417 | 09.07.2024 |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | libreswan | Fixed | RHSA-2024:4417 | 09.07.2024 |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | libreswan | Fixed | RHSA-2024:4417 | 09.07.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | libreswan | Fixed | RHSA-2024:4200 | 01.07.2024 |
Red Hat Enterprise Linux 9 | libreswan | Fixed | RHSA-2024:4050 | 23.06.2024 |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | libreswan | Fixed | RHSA-2024:4377 | 08.07.2024 |
Additional information
Status:
6.5 Medium
CVSS3