Bug 1039515 - (CVE-2017-9023) VUL-0: CVE-2017-9023: strongswan: Incorrect x509 ASN.1 parser error handling
VUL-0: CVE-2017-9023: strongswan: Incorrect x509 ASN.1 parser error handling
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-05-17 13:24 UTC by Alexander Bergmann
Modified: 2019-12-05 17:05 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Comment 9 Marcus Meissner 2017-05-29 11:05:36 UTC
CRD: 2017-05-30 12:00UTC
Comment 10 Marcus Meissner 2017-05-31 11:41:21 UTC
is public


Fixed a DoS vulnerability in the x509 plugin that was caused because the ASN.1 parser
didn't handle ASN.1 CHOICE types properly, which could result in an infinite loop when
parsing X.509 extensions that use such types.
This vulnerability has been registered as CVE-2017-9023.
Please refer to our blog for details.


strongSwan Vulnerability (CVE-2017-9023)

Posted on May 30, 2017 by tobias  | Tags: 4.x, 5.0.x, 5.1.x, 5.2.x, 5.3.x, 5.4.x, 5.5.x, security fix

A denial-of-service vulnerability in the x509 plugin was discovered in strongSwan. All versions are affected.

We recently started fuzzing some of our plugins using Google's OSS-Fuzz infrastructure. Among the bugs that were discovered two may lead to  denial-of-service attacks. The one described in this article affects the ASN.1 parser in combination with the x509 plugin, the other the gmp plugin (described in a separate article).
Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types. This
could lead to infinite looping of the thread parsing a specifically crafted certificate. Affected are all strongSwan versions up to and including 5.5.2.

CVE-2017-9023 has been assigned for this vulnerability.

Several extensions in X.509 certificates use CHOICE types to allow exactly one of several possible sub-elements. An extension that's defined like this, which strongSwan always supported, is CRLDistributionPoints, where the optional distributionPoint is defined
as follows:

DistributionPointName ::= CHOICE {
        fullName                [0]     GeneralNames,
        nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

So it may either be a GeneralName or an RelativeDistinguishedName but not both and one of them must be present if there is a distributionPoint. So far the x509 plugin and ASN.1 parser treated the choices simply as optional elements inside of a loop, without enforcing that exactly one of them was parsed (or that any of them were matched). This lead to the issue that if none of the options were found the parser was stuck in an infinite loop. Other extensions that are affected are ipAddrBlocks (supported since 4.3.6) and CertificatePolicies (since 4.5.1).

A very similar issue, for which no separate CVE is assigned, affects the nameConstraints extension (supported since 4.5.1), where the x509 plugin incorrectly defined a parsing rule with a loop, where there was none defined, so that invalid data could lead to an infinite loop.

Remote code execution is not possible due to these issues.

Credit to OSS-Fuzz for finding this vulnerability, and to Sven Defatsch for setting up the integration and creating the fuzz target.

Installations that don't have the x509 plugin enabled and loaded are not vulnerable.

The just released strongSwan 5.5.3 fixes this vulnerability. For older releases we provide patches that fix the vulnerability in the respective versions and should apply with appropriate hunk offsets (please note that patches for versions < 4.4.0 are not provided).
Comment 11 Marcus Meissner 2017-05-31 11:42:17 UTC
Please submit for opensuse, leap and factory.
Comment 12 Swamp Workflow Management 2017-06-01 16:10:00 UTC
SUSE-SU-2017:1471-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1039514,1039515
CVE References: CVE-2017-9022,CVE-2017-9023
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src):    strongswan-4.4.0-6.35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    strongswan-4.4.0-6.35.1
Comment 13 Swamp Workflow Management 2017-06-01 16:11:39 UTC
SUSE-SU-2017:1473-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1039514,1039515,985012
CVE References: CVE-2017-9022,CVE-2017-9023
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    strongswan-5.1.3-25.1
SUSE Linux Enterprise Server 12-SP2 (src):    strongswan-5.1.3-25.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    strongswan-5.1.3-25.1
Comment 14 Wolfgang Frisch 2019-12-05 17:05:39 UTC
Resolved in all supported SUSE products.