Bugzilla – Bug 910491
VUL-1: CVE-2014-9221: strongswan: DoS via payload with DH group 1025
Last modified: 2016-04-27 21:04:52 UTC
Subject: Re: strongSwan security advisory: CVE-2014-9221 Datum: Thu, 11 Dec 2014 13:42:20 +0100 From: Tobias Brunner <tobias@strongswan.org> > Please prepare updated releases and patch your installations, but do not > yet publicly disclose any information about this vulnerability. > We want to give you as a partner enough time to prepare new releases and > will publicly disclose the vulnerability with the strongSwan 5.2.2 > release on Dec 22nd, 12:00 noon UTC. Due to feedback we received we will not do the release in Christmas week. Instead we'll disclose the vulnerability and release 5.2.2 on Friday Dec 19th, 12:00 noon UTC. Thanks and regards, Tobias =========================================================================== Subject: strongSwan security advisory: CVE-2014-9221 Datum: Wed, 10 Dec 2014 18:30:16 +0100 From: Tobias Brunner <tobias@strongswan.org> Dear strongSwan partner, One of our users privately reported a denial-of-service vulnerability in strongSwan. Affected are strongSwan versions 4.5.0 and newer, including the latest 5.2.1. CVE-2014-9221 has been assigned for this vulnerability. The bug can be triggered by an IKEv2 Key Exchange (KE) payload that contains the Diffie-Hellman (DH) group 1025. This identifier is from the private-use range and only used internally by libtls for DH groups with custom generator and prime (MODP_CUSTOM). As such the instantiated method expects that these two values are passed to the constructor. This is not the case when a DH object is created based on the group in the KE payload. Therefore, an invalid pointer is dereferenced later, which causes a segmentation fault. This means that the daemon can be crashed with a single IKE_SA_INIT message containing such a KE payload. Remote code execution is not possible due to this issue, nor is IKEv1 affected in charon or pluto. The attached patches fix the vulnerability in the different strongSwan versions and should apply with appropriate hunk offsets. Please prepare updated releases and patch your installations, but do not yet publicly disclose any information about this vulnerability. We want to give you as a partner enough time to prepare new releases and will publicly disclose the vulnerability with the strongSwan 5.2.2 release on Dec 22nd, 12:00 noon UTC. Thanks to Mike Daskalakis for reporting the issue responsibly. Our apologies for the inconvenience. Kind Regards Tobias Brunner strongSwan Developer
Created attachment 617679 [details] upstream patch: strongswan-4.5.0-4.5.3_modp_custom.patch
Created attachment 617680 [details] upstream patch: strongswan-4.5.4-5.1.0_modp_custom.patch
Created attachment 617681 [details] upstream patch: strongswan-5.1.1_modp_custom.patch
Created attachment 617682 [details] upstream patch: strongswan-5.1.2-5.2.1_modp_custom.patch
CRD: 2014-12-19, 12:00 UTC
Submission for SLE-12 requested in: https://build.suse.de/request/show/47599, package in $IBS/home:mtomaschewski:branches:SUSE:SLE-12:Update/strongswan. Other packages prepared (until CRD is reached) in: $IBS/home:mtomaschewski:branches:openSUSE.org:network:vpn/strongswan $IBS/home:mtomaschewski:branches:openSUSE.org:openSUSE:12.3:Update/strongswan $IBS/home:mtomaschewski:branches:openSUSE.org:openSUSE:13.1:Update/strongswan $IBS/home:mtomaschewski:branches:openSUSE.org:openSUSE:13.2:Update/strongswan
SLES-11 (or older) is NOT affected.
** NEW CRD: 2015-01-05, 12:00 UTC ** -------- Weitergeleitete Nachricht -------- Betreff: Re: strongSwan security advisory: CVE-2014-9221 Datum: Fri, 19 Dec 2014 10:04:17 +0100 Von: Tobias Brunner <tobias@strongswan.org> An: tobias@strongswan.org Kopie (CC): Andreas Steffen <andreas.steffen@strongswan.org>, Martin Willi <martin@strongswan.org> Dear strongSwan partner, > The attached patches fix the vulnerability in the different strongSwan > versions and should apply with appropriate hunk offsets. Our integration tests that we run before every release revealed that these patches were inadequate. They broke most of the TLS scenarios. The intention was to increase the identifier of MODP_CUSTOM beyond the 16-bit size limit of DH identifiers in IKEv2 so this DH group can't be negotiated anymore. A side effect of this is that the size of the diffie_hellman_group_t enum increases to 32-bit. The problem with that is that it went unnoticed that the Diffie Hellman implementations in the different plugins (gmp, openssl etc.) internally used u_int16_t instead of diffie_hellman_group_t to store the group identifier. One set of the attached patches fix this specific problem in the respective strongSwan versions and should apply with appropriate hunk offsets. Patches that include both fixes are attached too. I'm terribly sorry we missed this issue earlier and having to send this email so close to the intended release date. Instead of rushing out the 5.2.2 release and the vulnerability disclosure today, we will move the release date to Jan 5th, 12:00 noon UTC. For a coordinated public disclosure of the issue we're kindly asking to hold back any prepared release for today and defer such releases to the mentioned date. Once again, our apologies for the inconvenience. Kind Regards, Tobias
Created attachment 617964 [details] strongswan-4.5.0-4.5.3_dh_group.patch
Created attachment 617965 [details] strongswan-4.5.0-4.5.3_modp_custom.patch
Created attachment 617966 [details] strongswan-4.6.0-5.0.2_dh_group.patch
Created attachment 617967 [details] strongswan-4.6.0-5.0.2_modp_custom.patch
Created attachment 617968 [details] strongswan-5.0.3-5.1.0_modp_custom.patch
Created attachment 617969 [details] strongswan-5.0.3-5.1.1_dh_group.patch
Created attachment 617970 [details] strongswan-5.1.1_modp_custom.patch
Created attachment 617971 [details] strongswan-5.1.2-5.2.1_dh_group.patch
Created attachment 617972 [details] strongswan-5.1.2-5.2.1_modp_custom.patch
Updated the patches: Submission for SLE-12 requested in: https://build.suse.de/request/show/47709, package in $IBS/home:mtomaschewski:branches:SUSE:SLE-12:Update/strongswan. Other packages prepared (until new CRD is reached) in: $IBS/home:mtomaschewski:branches:openSUSE.org:network:vpn/strongswan $IBS/home:mtomaschewski:branches:openSUSE.org:openSUSE:12.3:Update/strongswan $IBS/home:mtomaschewski:branches:openSUSE.org:openSUSE:13.1:Update/strongswan $IBS/home:mtomaschewski:branches:openSUSE.org:openSUSE:13.2:Update/strongswan
public
This is an autogenerated message for OBS integration: This bug (910491) was mentioned in https://build.opensuse.org/request/show/267274 Factory / strongswan https://build.opensuse.org/request/show/267275 12.3 / strongswan https://build.opensuse.org/request/show/267276 13.1 / strongswan https://build.opensuse.org/request/show/267277 13.2 / strongswan
openSUSE-SU-2015:0114-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 897048,897512,910491 CVE References: CVE-2014-9221 Sources used: openSUSE 13.2 (src): strongswan-5.1.3-4.4.1 openSUSE 13.1 (src): strongswan-5.1.1-8.1
SUSE-SU-2015:0281-1: An update that solves one vulnerability and has three fixes is now available. Category: security (moderate) Bug References: 856322,897048,897512,910491 CVE References: CVE-2014-9221 Sources used: SUSE Linux Enterprise Server 12 (src): strongswan-5.1.3-9.2 SUSE Linux Enterprise Desktop 12 (src): strongswan-5.1.3-9.1
released