Release date: Monday May 11, 2020
Contact: security@libreswan.org
PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9

CVE-2020-1763: Malicious IKEv2 packet can cause libreswan to restart

This alert (and any possible updates) is available at the following URLs:
https://libreswan.org/security/CVE-CVE-2020-1763/

The Libreswan Project was notified by Stephan Zeisberg of Security
Research Labs of a bug in handling bogus encrypted IKEv1 INFORMATIONAL
Exchange packet requests for which there is no state. While building a
log message that the packet has been dropped, a NULL pointer dereference
causes libreswan to crash and restart when it attempts to log the state
name involved.

Vulnerable versions: libreswan 3.27 - 3.31
Not vulnerable     : libreswan 3.32 and newer

Vulnerability information
=========================
In the libreswan code, all IKE packets are processed through the state
machine. An added log message displays the state name on a specific error
message for an IKEv1 Informational Exchange message with a bogus payload for
which we cannot find a valid peer. This message is emitted when no matching
state is found and when no state will be created, so looking up the state
name for the log message dereferences a NULL pointer.
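To make the failure mode concrete, the following is an added example in C, not libreswan code: `struct state`, `find_state`, the SPI values, the state table and the payload-name string are constructed stand-ins for the real pluto structures. It contrasts the unconditional dereference present in 3.27-3.31 with the NULL guard used in the 3.27-3.30 patch, around the same log format string the patches touch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for pluto's state object; only the fields this
 * example needs. Not libreswan's real struct. */
struct state {
    unsigned long st_spi;       /* constructed id standing in for cookies/SPIs */
    const char *st_state_name;
};

/* Constructed table of "live" ISAKMP states. */
static struct state live_states[] = {
    { 0x1001UL, "STATE_MAIN_R2" },
    { 0x2002UL, "STATE_QUICK_I1" },
};

/* Find the state a packet belongs to; NULL when nothing matches, which is
 * the situation an unsolicited, bogus Informational exchange produces. */
struct state *find_state(unsigned long spi)
{
    for (size_t i = 0; i < sizeof live_states / sizeof live_states[0]; i++) {
        if (live_states[i].st_spi == spi)
            return &live_states[i];
    }
    return NULL;
}

/* The 3.27-3.31 pattern: unconditional dereference. With st == NULL this is
 * the crash the advisory describes, so it is never reached on that path here. */
const char *state_name_unsafe(const struct state *st)
{
    return st->st_state_name;
}

/* The 3.27-3.30 fix: substitute a marker string when there is no state. */
const char *state_name_safe(const struct state *st)
{
    return (st == NULL) ? "<no state>" : st->st_state_name;
}

/* Format the drop message the way the patched code does, into a caller
 * buffer rather than pluto's logger. Returns the state-name text used. */
const char *log_dropped_payload(char *buf, size_t len, const char *excuse,
                                const char *payload_name, unsigned long spi)
{
    const struct state *st = find_state(spi);
    const char *name = state_name_safe(st);

    snprintf(buf, len,
             "%smessage ignored because it contains a payload type (%s) "
             "unexpected by state %s",
             excuse, payload_name, name);
    return name;
}

int main(void)
{
    char buf[256];

    /* Packet for a known state: the real state name is logged.
     * "ISAKMP_NEXT_HASH" is a constructed sample payload name. */
    log_dropped_payload(buf, sizeof buf, "", "ISAKMP_NEXT_HASH", 0x1001UL);
    puts(buf);

    /* Bogus Informational matching nothing: logged instead of crashing. */
    log_dropped_payload(buf, sizeof buf, "", "ISAKMP_NEXT_HASH", 0xdeadUL);
    puts(buf);
    return 0;
}
```

The point of routing every state-name lookup through one NULL-tolerant helper is that a logging path, which is reached precisely when the normal state machinery has nothing to offer, cannot assume the invariants the rest of the code enjoys.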

Exploitation
============
This vulnerability cannot be abused for a remote code execution or an
authentication bypass. But by continuing to send these packets, a
denial of service attack against the libreswan IKE service is possible.

Workaround
==========
There is no workaround. Please apply one of the patches supplied below.

History
=======
* 2020-03-13 Issue reported via bugs.libreswan.org (lswbz#351)
* 2020-03-19 Patch distributed under embargo to customers and vendors
* 2020-05-11 Public release of CVE by The Libreswan Project

Credits
=======
This vulnerability was found and reported by Stephan Zeisberg of Security
Research Labs. Stephan also kindly provided the fuzzing packet causing the
crash so we could easily reproduce this.

Upgrading
=========
To address this vulnerability, please upgrade to libreswan 3.32 or later.
For those who cannot upgrade, patches are provided for libreswan 3.27-3.30
and for 3.31 at the above URL, and are included for reference below.

About libreswan (https://libreswan.org/)
========================================
Libreswan is a free implementation of the Internet Key Exchange (IKE)
protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of
openswan 2.6.38. IKE is used to establish IPsec VPN connections.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).

Patch for libreswan-3.31
========================

diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 38dfe060db..03ce080339 100644
- --- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2047,7 +2047,7 @@ void process_packet_tail(struct msg_digest **mdp)
 						"%smessage ignored because it contains a payload type (%s) unexpected by state %s",
 						excuse,
 						enum_show(&ikev1_payload_names, np),
- -						st->st_state_name);
+						finite_states[smc->state]->name);
 					if (!md->encrypted) {
 						SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
 					}
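Review bot: the replacement `finite_states[smc->state]->name` removes the dependency on `st`, but trades it for `smc` being non-NULL and `smc->state` being a valid index on every path that reaches this log line, neither of which is visible in the hunk; worth confirming that `smc` is always selected before this point in `process_packet_tail()`, or adding an assertion on it here. Note also that this variant prints the state the microcode expected rather than a live state, whereas the 3.27-3.30 patch prints `<no state>`, so the two supported branches will log different text for the same dropped packet.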

Patch for libreswan-3.27 to 3.30
================================

diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 38dfe060db..b5ad3e4560 100644
- --- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2047,7 +2047,7 @@ void process_packet_tail(struct msg_digest **mdp)
 						"%smessage ignored because it contains a payload type (%s) unexpected by state %s",
 						excuse,
 						enum_show(&ikev1_payload_names, np),
- -						st->st_state_name);
+						(st == NULL) ? "<no state>" : st->st_state_name);
 					if (!md->encrypted) {
 						SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE);
 					}
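Review bot: the ternary guards the dereference, but the code right after it still runs with `st == NULL`: `if (!md->encrypted) { SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE); }` must itself tolerate a NULL state, which the hunk does not show; worth confirming, especially since the reported packets are encrypted and so never exercise that branch. Consider also including the peer address in this message so repeated `<no state>` drops can be counted per sender when monitoring for the denial-of-service pattern the advisory describes.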
