Bug 1026152 - (CVE-2013-6076) CVE-2013-6076 strongswan: denial of service when handling IKEv1 fragmentation payloads
CVE-2013-6076 strongswan: denial of service when handling IKEv1 fragmentation...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20131101,repor...
: Security
Depends On: 1026154
Blocks: 1026157
  Show dependency treegraph
 
Reported: 2013-11-03 23:41 EST by Murray McAllister
Modified: 2015-07-31 03:12 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-02-13 03:40:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Murray McAllister 2013-11-03 23:41:40 EST
A NULL pointer dereference flaw was discovered in strongSwan's IKE daemon, charon. An attacker could use this flaw to crash charon by sending a specially-crafted IKEv1 fragmentation payload.

strongSwan 5.1.1 corrects this flaw. A patch is provided for versions 5.0.2 and newer:

http://download.strongswan.org/security/CVE-2013-6076/strongswan-5.0.2-5.1.0_ikev1_fragment.patch

External References:

http://strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-(cve-2013-6076).html
Comment 1 Murray McAllister 2013-11-03 23:46:12 EST
Created strongswan tracking bugs for this issue:

Affects: epel-6 [bug 1026154]
Comment 2 Murray McAllister 2013-11-03 23:48:36 EST
Looks like this issue is already fixed in the packages for Fedora testing so I did not file a tracking bug.

http://koji.fedoraproject.org/koji/buildinfo?buildID=475229
http://koji.fedoraproject.org/koji/buildinfo?buildID=475223
http://koji.fedoraproject.org/koji/buildinfo?buildID=475220
Comment 3 Fedora Update System 2014-01-24 21:26:01 EST
strongswan-5.1.1-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2014-01-24 21:26:59 EST
strongswan-5.1.1-4.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2014-01-25 00:09:28 EST
strongswan-5.1.1-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Huzaifa S. Sidhpurwala 2014-02-13 03:40:59 EST
Statement:

Not Vulnerable. This issue does not affect the version of openswan as shipped with Red Hat Enterprise Linux 5 and 6.

Note You need to log in before you can comment on or make changes to this bug.