Bug 2187165 (CVE-2023-30570)
| Summary: | CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | dueno, omoris, security-response-team, trathi |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-17 07:41:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2187169, 2187170, 2187171, 2187172, 2187173, 2187174, 2187175, 2187176, 2187177, 2187178, 2187179, 2187180, 2193034 | ||
| Bug Blocks: | 2187158 | ||
|
Description
Sandipan Roy
2023-04-17 06:30:51 UTC
Created libreswan tracking bugs for this issue: Affects: fedora-all [bug 2193034] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:2120 https://access.redhat.com/errata/RHSA-2023:2120 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:2121 https://access.redhat.com/errata/RHSA-2023:2121 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2122 https://access.redhat.com/errata/RHSA-2023:2122 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:2124 https://access.redhat.com/errata/RHSA-2023:2124 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:2123 https://access.redhat.com/errata/RHSA-2023:2123 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2023:2125 https://access.redhat.com/errata/RHSA-2023:2125 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:2126 https://access.redhat.com/errata/RHSA-2023:2126 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-30570 |