Bug 1054022 - (CVE-2013-7294) CVE-2013-7294 libreswan: DoS via an IKEv2 I1 notification
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20131126,repor...
Keywords: Security
Depends On: 1054024
Blocks: 1054025
Reported: 2014-01-16 01:00 EST by Ratul Gupta
Modified: 2015-10-15 14:12 EDT
Fixed In Version: libreswan 3.7
Doc Type: Bug Fix
Last Closed: 2015-02-19 16:42:56 EST
Description Ratul Gupta 2014-01-16 01:00:28 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-7294 to the following vulnerability:

Name: CVE-2013-7294
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7294
Assigned: 20140115
Reference: https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
Reference: https://github.com/libreswan/libreswan/commit/2899351224fe2940aec37d7656e1e392c0fe07f0
Reference: OSVDB:101573
Reference: http://www.osvdb.org/101573
Reference: SECUNIA:56276
Reference: http://secunia.com/advisories/56276

The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in libreswan before 3.7 allows remote attackers to cause a denial of service (restart) via an IKEv2 I1 notification without a KE payload.
Comment 3 Paul Wouters 2014-01-17 14:52:58 EST
Who created this CVE number? It is wrong.

This is covered in CVE-2013-6467. The openswan CVE for this is CVE-2013-6466.

See: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
Comment 4 Paul Wouters 2014-01-17 14:56:29 EST
Sorry, my bad. This is referring to the _previous_ CVE.

While openswan had the same bug, it could not cause a problem because of a check of the IKE packet size versus the described length. In libreswan 3.7, this check has more conditionals due to an added IKE padding feature, thus exposing the vulnerable code in some cases. So there is no openswan CVE for libreswan CVE-2013-7294.
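The two checks discussed in this bug (received packet size versus the length declared in the IKE header, and a KE payload being present in an I1), shown as an added example that is not libreswan or openswan code. The function, enum and sample names are hypothetical, the sample packets are constructed, and treating any length mismatch as an error is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Offsets and type numbers are from RFC 7296; all names here are hypothetical. */
enum { IKE_HDR_LEN = 28, PL_HDR_LEN = 4, EXCH_SA_INIT = 34 };
enum { PL_NONE = 0, PL_SA = 33, PL_KE = 34, PL_NONCE = 40 };
enum i1_result { I1_OK, I1_TRUNCATED, I1_NOT_SA_INIT, I1_LEN_MISMATCH,
                 I1_BAD_PAYLOAD, I1_MISSING_SA, I1_MISSING_KE, I1_MISSING_NONCE };

/* Constructed samples (payload bodies stubbed): SA+Nonce+Notify, then SA+KE+Nonce. */
static const uint8_t sample_no_ke[48] = {
    1,2,3,4,5,6,7,8, 0,0,0,0,0,0,0,0, 33,0x20,34,0x08, 0,0,0,0, 0,0,0,48,
    40,0,0,4,  41,0,0,8,9,9,9,9,  0,0,0,8,0,0,0x40,0x00 };
static const uint8_t sample_full[48] = {
    1,2,3,4,5,6,7,8, 0,0,0,0,0,0,0,0, 33,0x20,34,0x08, 0,0,0,0, 0,0,0,48,
    34,0,0,4,  40,0,0,8,0,14,0,0,  0,0,0,8,9,9,9,9 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Validate a received IKE_SA_INIT request before any handler reads payloads.
 * pkt/n describe the datagram as it arrived on the wire. */
enum i1_result check_i1(const uint8_t *pkt, size_t n) {
    if (n < IKE_HDR_LEN) return I1_TRUNCATED;
    if (pkt[18] != EXCH_SA_INIT) return I1_NOT_SA_INIT;
    if (be32(pkt + 24) != n) return I1_LEN_MISMATCH; /* declared vs received */

    int seen_sa = 0, seen_ke = 0, seen_nonce = 0;
    uint8_t type = pkt[16];                /* first payload type */
    size_t off = IKE_HDR_LEN;
    while (type != PL_NONE) {
        if (n - off < PL_HDR_LEN) return I1_BAD_PAYLOAD;
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (plen < PL_HDR_LEN || plen > n - off) return I1_BAD_PAYLOAD;
        if (type == PL_SA) seen_sa = 1;
        if (type == PL_KE) seen_ke = 1;
        if (type == PL_NONCE) seen_nonce = 1;
        type = pkt[off];                   /* next payload type */
        off += plen;
    }
    if (off != n) return I1_BAD_PAYLOAD;   /* bytes after the last payload */
    if (!seen_sa) return I1_MISSING_SA;
    if (!seen_ke) return I1_MISSING_KE;    /* the condition in this bug */
    if (!seen_nonce) return I1_MISSING_NONCE;
    return I1_OK;
}

/* Exit status 0 when the KE-less sample is rejected as expected. */
int main(void) { return check_i1(sample_no_ke, sizeof sample_no_ke) == I1_MISSING_KE ? 0 : 1; }
```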
Comment 7 Kurt Seifried 2015-02-19 16:42:56 EST
This was addressed in the release of RHEL 7.
