A security issue in NM-libreswan, where we fail to sanitize the VPN configuration from a local unprivileged user and pass it directly to Libreswan. The libreswan connection configuration is simple key=value format, but we fail to check for or escape special characters, including newlines, which makes it possible for the user to trick us to treat values as key. Unfortunately, there's one particular key that takes an executable command as an argument: leftupdown (couldn't find more in ipsec.conf(5)). We normally use it to specify the NM-libreswan callback, that would pass L3 configuration back to NM. It can be abused to execute arbitrary code.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:8312 https://access.redhat.com/errata/RHSA-2024:8312
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Advanced Update Support Via RHSA-2024:8338 https://access.redhat.com/errata/RHSA-2024:8338
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:8356 https://access.redhat.com/errata/RHSA-2024:8356
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:8358 https://access.redhat.com/errata/RHSA-2024:8358
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2024:8357 https://access.redhat.com/errata/RHSA-2024:8357
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:8353 https://access.redhat.com/errata/RHSA-2024:8353
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:8354 https://access.redhat.com/errata/RHSA-2024:8354
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:8355 https://access.redhat.com/errata/RHSA-2024:8355
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:8352 https://access.redhat.com/errata/RHSA-2024:8352
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:9555 https://access.redhat.com/errata/RHSA-2024:9555
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2024:9556 https://access.redhat.com/errata/RHSA-2024:9556