Bugzilla – Bug 1216901
VUL-0: CVE-2023-41913: strongswan: A bug in charon-tkm related to handling DH public values that can lead to remote code execution
Last modified: 2023-12-18 11:01:41 UTC
CRD: 2024-11-20
Is public: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html

strongSwan Vulnerability (CVE-2023-41913)
Nov 20, 2023

A vulnerability in charon-tkm related to processing DH public values was discovered in strongSwan that can result in a buffer overflow and potentially remote code execution. All versions since 5.3.0 are affected.

Tags: security fix, 5.9.x, 5.8.x, 5.7.x, 5.6.x, 5.5.x, 5.4.x, 5.3.x

Florian Picca reported a bug in charon-tkm (the TKM-backed version of the charon IKE daemon) related to handling DH public values that can lead to remote code execution.

Buffer Overflow When Handling DH Public Values

The TKM-backed version of the charon IKE daemon (charon-tkm) doesn't check the length of received Diffie-Hellman public values before copying them to a fixed-size buffer on the stack, causing a buffer overflow (CWE-121) that could potentially be exploited for remote code execution by sending a specially crafted and unauthenticated IKE_SA_INIT message. Affected are all strongSwan versions since 5.3.0. CVE-2023-41913 has been assigned for this vulnerability.

Missing Length Check for DH Public Values in charon-tkm

Before 5.3.0, the length of Diffie-Hellman public values of known DH groups was directly verified by the code that handles KE payloads. This was changed with 0356089d0f94 ("diffie-hellman: Verify public DH values in backends") and 41fc94c92454 ("encoding: Remove DH public value verification from KE payload"), both released with 5.3.0. They made DH implementations responsible for verifying the public values themselves in their implementation of diffie_hellman_t::set_other_public_value() (or key_exchange_t::set_public_key() in newer releases). A helper function was added to simplify this for known DH groups.

Unfortunately, the implementation of that method in charon-tkm, which acts as proxy for DH operations between the IKE daemon and the Trusted Key Manager (TKM), was forgotten and since then contained an unchecked memcpy() that copied whatever public DH value the peer sent in its unauthenticated IKE_SA_INIT message to a buffer of 512 bytes on the stack, potentially causing a buffer overflow. The length is only limited by the maximum length for accepted IKE messages, which defaults to 10'000 bytes. Remote code execution might be possible due to this issue.

As mentioned in the introduction, credit to Florian Picca at Stackered for finding this vulnerability and reporting it responsibly.

Mitigation

Setups that don't use charon-tkm as IKE daemon are not vulnerable. Note that the charon-tkm version that supports multiple key exchanges is not vulnerable either (tkm-multi-ke branch, which will be released with strongSwan 6 in the future).

The just released strongSwan 5.9.12 fixes this vulnerability. For older releases, we provide patches that fix the vulnerability and should apply with appropriate hunk offsets.
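The advisory above describes the missing check: a proxy between the IKE daemon and the TKM copied a peer-supplied DH public value into a 512-byte stack buffer without comparing its length to the negotiated group. The following is an added illustration of the kind of length check that closes that gap; it is not strongSwan's code, and the function names, the group table (standard MODP sizes for IKEv2 transform IDs 14, 15, 16) and the 512-byte limit taken from the advisory are assumptions for the example.

```c
/* Added illustration, not strongSwan code: validate a peer's DH public value
 * length against the negotiated group before it ever reaches a memcpy() into
 * a fixed-size stack buffer. Function names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TKM_PUBVALUE_MAX 512   /* fixed buffer size named in the advisory */

/* Expected public value length in bytes for a few well-known MODP groups
 * (IKEv2 transform IDs 14, 15, 16). Returns 0 for unknown groups. */
static size_t expected_pubvalue_len(uint16_t group)
{
    switch (group) {
    case 14: return 256;   /* MODP-2048 */
    case 15: return 384;   /* MODP-3072 */
    case 16: return 512;   /* MODP-4096 */
    default: return 0;
    }
}

/* Hardened form: reject any value whose length does not match the group
 * (or that would not fit the buffer), so an oversized value carried in an
 * unauthenticated IKE_SA_INIT is dropped instead of copied. */
bool tkm_set_other_public_value(uint16_t group, const uint8_t *value,
                                size_t len, uint8_t out[TKM_PUBVALUE_MAX],
                                size_t *out_len)
{
    size_t expected = expected_pubvalue_len(group);

    if (expected == 0 || len != expected || expected > TKM_PUBVALUE_MAX) {
        return false;           /* the missing check from the advisory */
    }
    memcpy(out, value, len);
    *out_len = len;
    return true;
}

/* Self-contained probe: feeds a constructed zero-filled value of the given
 * length and reports whether the check accepted it. */
bool accepts_pubvalue(uint16_t group, size_t len)
{
    uint8_t value[1024] = {0};  /* deliberately larger than the 512-byte target */
    uint8_t out[TKM_PUBVALUE_MAX];
    size_t out_len = 0;

    if (len > sizeof(value)) {
        return false;
    }
    return tkm_set_other_public_value(group, value, len, out, &out_len)
        && out_len == len;
}
```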
SUSE-SU-2023:4516-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216901
CVE References: CVE-2023-41913
Sources used:
SUSE CaaS Platform 4.0 (src): strongswan-5.8.2-150000.4.23.2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): strongswan-5.8.2-150000.4.23.2
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): strongswan-5.8.2-150000.4.23.2
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): strongswan-5.8.2-150000.4.23.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4515-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216901
CVE References: CVE-2023-41913
Sources used:
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): strongswan-5.8.2-150200.11.42.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): strongswan-5.8.2-150200.11.42.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): strongswan-5.8.2-150200.11.42.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): strongswan-5.8.2-150200.11.42.2
SUSE Enterprise Storage 7.1 (src): strongswan-5.8.2-150200.11.42.2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): strongswan-5.8.2-150200.11.42.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): strongswan-5.8.2-150200.11.42.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): strongswan-5.8.2-150200.11.42.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4514-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216901
CVE References: CVE-2023-41913
Sources used:
openSUSE Leap 15.4 (src): strongswan-5.9.11-150400.19.17.2
Basesystem Module 15-SP4 (src): strongswan-5.9.11-150400.19.17.2
SUSE Package Hub 15 15-SP4 (src): strongswan-5.9.11-150400.19.17.2
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): strongswan-5.9.11-150400.19.17.2
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4529-1: An update that solves one vulnerability can now be installed.
Category: security (important)
Bug References: 1216901
CVE References: CVE-2023-41913
Sources used:
openSUSE Leap 15.5 (src): strongswan-5.9.11-150500.5.6.1
Basesystem Module 15-SP5 (src): strongswan-5.9.11-150500.5.6.1
SUSE Package Hub 15 15-SP5 (src): strongswan-5.9.11-150500.5.6.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): strongswan-5.9.11-150500.5.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Assigning to security team