Paul Wouters of Red Hat reported a denial of service issue in libreswan/openswan: If the peer sends us a DH gx value of 0, openswan/libreswan passes it to the NSS library, which returns NULL because it cannot perform DH with 0, which hits a passert() in the swan code. An attacker can keep connecting to the service and perform the bad DH, causing a denial of service.
This issue is now public: https://libreswan.org/security/CVE-2015-3240/
Created libreswan tracking bugs for this issue: Affects: epel-all [bug 1256803]
libreswan-3.15-1.fc21 has been pushed to the Fedora 21 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update libreswan'
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14179
Note that using libreswan-3.15 you can test sending a bad g^x by running:
 ipsec start
 ipsec auto --add connname
 ipsec whack --debug-all --impair-send-zero-gx
 ipsec auto --up connname
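The receiver-side check that the first comment describes as missing, and the all-zero KE payload that the impair option above sends, as an added example. This is not libreswan/openswan code and is not the actual fix; it assumes IKE group 2 (the 1024-bit MODP group from RFC 2409 section 6.2) and a constructed private exponent for the honest case. The checks are the public-key validation from RFC 2631 / NIST SP 800-56A: reject anything outside [2, p-2] (which covers g^x = 0, and also 1 and p-1, which force a trivial shared secret), and optionally reject values outside the prime-order subgroup, before the value ever reaches the crypto library.

```python
# Added example (not libreswan/openswan code): validate a peer's DH public
# value g^x before handing it to the crypto library.  Assumes IKE group 2
# (1024-bit MODP, RFC 2409 section 6.2); the checks are the same for any
# MODP group.

MODP1024_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
MODP1024_G = 2
MODP1024_Q = (MODP1024_P - 1) // 2      # p is a safe prime: p = 2q + 1


def check_peer_gx(gx_bytes, p=MODP1024_P, check_subgroup=True):
    """Classify the g^x carried in a KE payload.

    Returns "ok", or a short reason why the value must be rejected:
      - the payload must be exactly the group size (a KE payload is the
        big-endian value padded to the modulus length);
      - 2 <= g^x <= p-2: rejects the all-zero payload of CVE-2015-3240,
        and also 1 and p-1, which force a shared secret of 1 or +/-1;
      - optionally (g^x)^q mod p == 1, i.e. the value lies in the
        prime-order subgroup generated by g (full validation).
    """
    plen = (p.bit_length() + 7) // 8
    if len(gx_bytes) != plen:
        return "bad-length"
    gx = int.from_bytes(gx_bytes, "big")
    if gx < 2 or gx > p - 2:
        return "out-of-range"
    if check_subgroup and pow(gx, (p - 1) // 2, p) != 1:
        return "not-in-subgroup"
    return "ok"


class BadPeerDHValue(ValueError):
    """Raised instead of letting a bad g^x reach the DH computation."""


def peer_gx_from_ke_payload(gx_bytes, p=MODP1024_P, check_subgroup=True):
    """Parse and validate g^x; raise rather than pass a bad value on.
    (The passert() in the report fired because NSS, correctly, returned
    NULL when asked to do DH with 0; the caller never expected that.)"""
    verdict = check_peer_gx(gx_bytes, p, check_subgroup)
    if verdict != "ok":
        raise BadPeerDHValue("rejecting peer g^x: %s" % verdict)
    return int.from_bytes(gx_bytes, "big")


def encode_gx(gx, p=MODP1024_P):
    """Encode a public value as a KE payload body (big-endian, group length)."""
    return gx.to_bytes((p.bit_length() + 7) // 8, "big")


def demo():
    """Run the checks on a constructed honest g^x and on the payloads an
    attacker (or `ipsec whack --impair-send-zero-gx`) would send."""
    p = MODP1024_P
    x = 0x123456789ABCDEF00FEDCBA987654321   # constructed private exponent
    honest = encode_gx(pow(MODP1024_G, x, p))
    zero = b"\x00" * 128                      # what --impair-send-zero-gx sends
    p_minus_2 = encode_gx(p - 2)              # in range, but not in the subgroup
    return {
        "honest": check_peer_gx(honest),
        "zero": check_peer_gx(zero),
        "one": check_peer_gx(encode_gx(1)),
        "p-1": check_peer_gx(encode_gx(p - 1)),
        "p-2 (range only)": check_peer_gx(p_minus_2, check_subgroup=False),
        "p-2 (full)": check_peer_gx(p_minus_2),
        "short": check_peer_gx(zero[:-1]),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print("%-18s %s" % (name, verdict))
```

The range check alone is what stops the crash; the subgroup check costs one extra modular exponentiation per exchange and additionally rejects values such as p-2 that pass the range check but would leak a bit of the private exponent through the resulting shared secret.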
Acknowledgement: This issue was discovered by Paul Wouters of Red Hat.
External References: https://libreswan.org/security/CVE-2015-3240/
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:1979 https://rhn.redhat.com/errata/RHSA-2015-1979.html