-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Release date: Tue Dec 10, 2013

Subject: CVE-2013-4564 Libreswan Denial of Service with bogus IKE packet
URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4564

This alert (and any possible updates) is available at the following URL:
https://libreswan.org/security/CVE-2013-4564/

The Libreswan Project found an error in the way mangled IKE packets are
handled. This error, introduced in libreswan 3.6, allows a malicious user
to cause the libreswan IKE daemon to restart.

Vulnerable versions: libreswan 3.6
Not vulnerable     : libreswan 3.0 - 3.5, 3.7 and up

Vulnerability information
- --------------------------

In libreswan 3.6, an IKE padding feature was added that accepts IKE
packets whose length is not equal to the length specified in the IKE
header's length field. By allowing such packets through, the IKE daemon
could inadvertently try to process extremely short IKE packets that did
not contain enough data to hold their IKE version number. To send an
appropriate IKE v1 or v2 response, the IKE daemon incorrectly assumed
the IKE version was always available in the received packet and would
crash if it was not. Additionally, it could hit a passert() if the IKE
major number was not 1 or 2.

While the vulnerable code is present in all libreswan versions, and
some openswan versions, only libreswan version 3.6 exposed this code to
malicious IKE packets due to its new IKE padding feature.
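
The two missing checks described above, as an added C sketch that is not
libreswan's code: confirm the full fixed header was received before reading
the version byte, and drop an unknown major version instead of asserting.
All names are hypothetical, and tolerating trailing padding is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Fixed IKE (ISAKMP) header: 8+8 bytes of SPIs/cookies, next payload,
 * version (major in high nibble), exchange type, flags, message ID, length. */
#define IKE_HDR_LEN        28
#define IKE_VERSION_OFFSET 17
#define IKE_LENGTH_OFFSET  24
/* Hypothetical verdicts for this example (not libreswan identifiers). */
enum ike_verdict { IKE_DROP_SHORT, IKE_DROP_BAD_MAJOR, IKE_DROP_BAD_LENGTH,
                   IKE_OK_V1, IKE_OK_V2 };

enum ike_verdict ike_classify(const uint8_t *pkt, size_t received)
{
    /* Never touch the version byte unless the whole header arrived. */
    if (pkt == NULL || received < IKE_HDR_LEN)
        return IKE_DROP_SHORT;
    /* Unknown major version is untrusted input: drop it, do not assert. */
    uint8_t major = pkt[IKE_VERSION_OFFSET] >> 4;
    if (major != 1 && major != 2)
        return IKE_DROP_BAD_MAJOR;
    const uint8_t *l = pkt + IKE_LENGTH_OFFSET;
    uint32_t declared = ((uint32_t)l[0] << 24) | ((uint32_t)l[1] << 16) |
                        ((uint32_t)l[2] << 8) | (uint32_t)l[3];
    /* Assumption: trailing padding (received > declared) is tolerated,
     * but the declared length must cover the header and fit the datagram. */
    if (declared < IKE_HDR_LEN || declared > received)
        return IKE_DROP_BAD_LENGTH;
    return major == 1 ? IKE_OK_V1 : IKE_OK_V2;
}

/* Classifies the first `received` (<= 64) bytes of a constructed header. */
enum ike_verdict classify_sample(uint8_t version, uint32_t declared, size_t received)
{
    uint8_t buf[64] = {0};
    buf[IKE_VERSION_OFFSET] = version;
    buf[IKE_LENGTH_OFFSET]     = (uint8_t)(declared >> 24);
    buf[IKE_LENGTH_OFFSET + 1] = (uint8_t)(declared >> 16);
    buf[IKE_LENGTH_OFFSET + 2] = (uint8_t)(declared >> 8);
    buf[IKE_LENGTH_OFFSET + 3] = (uint8_t)declared;
    return ike_classify(buf, received);
}

int main(void)
{
    printf("4-byte datagram: %d, padded IKEv2: %d\n",
           classify_sample(0x20, 28, 4), classify_sample(0x20, 28, 40));
    return 0;
}
```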

Exploitation
- -------------

This denial of service can be launched by anyone using a single mangled
IKE packet. No authentication credentials are required. No remote code
execution is possible through this vulnerability.

Workaround
- -----------

There is no workaround. An upgrade to libreswan 3.7 is the only method
to resolve this vulnerability.

Credits
- --------

This vulnerability was found by Paul Wouters and D. Hugh Redelmeier.

About libreswan (https://libreswan.org/)
- -----------------------------------------

Libreswan is a free implementation of the Internet Protocol Security
(IPsec) suite and Internet Key Exchange (IKE) protocols. It is a
descendant (fork) of openswan 2.6.38.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
