Bug 1173064 (CVE-2014-9221) - CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when processing crafted Key Exchange payload
Summary: CVE-2014-9221 strongswan: denial-of-service vulnerability in libtls when proc...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-9221
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1178956 1178957 1205617
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-12-11 11:45 UTC by Vasyl Kaigorodov
Modified: 2021-02-17 05:54 UTC (History)
1 user (show)

Fixed In Version: strongSwan 5.2.2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 02:37:08 UTC


Attachments (Terms of Use)
strongswan-5.1.1_modp_custom.patch (1.98 KB, patch)
2014-12-11 11:50 UTC, Vasyl Kaigorodov
no flags Details | Diff
strongswan-5.1.2-5.2.1_modp_custom.patch (2.44 KB, patch)
2014-12-11 11:50 UTC, Vasyl Kaigorodov
no flags Details | Diff
strongswan-4.5.0-4.5.3_dh_group.patch (1.83 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-4.5.0-4.5.3_modp_custom.patch (4.14 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-4.6.0-5.0.2_dh_group.patch (2.25 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-4.6.0-5.0.2_modp_custom.patch (4.63 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-5.0.3-5.1.0_modp_custom.patch (5.13 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-5.0.3-5.1.1_dh_group.patch (2.68 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-5.1.1_modp_custom.patch (5.12 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-5.1.2-5.2.1_dh_group.patch (3.07 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details
strongswan-5.1.2-5.2.1_modp_custom.patch (6.05 KB, text/plain)
2014-12-19 13:04 UTC, Vasyl Kaigorodov
no flags Details

Description Vasyl Kaigorodov 2014-12-11 11:45:58 UTC
One strongSwan users reported a denial-of-service vulnerability in
strongSwan. Affected are strongSwan versions 4.5.0 and newer, including
the latest 5.2.1.

The bug can be triggered by an IKEv2 Key Exchange (KE) payload that
contains the Diffie-Hellman (DH) group 1025. This identifier is from
the private-use range and only used internally by libtls for DH groups
with custom generator and prime (MODP_CUSTOM). As such the instantiated
method expects that these two values are passed to the constructor.
This is not the case when a DH object is created based on the group in
the KE payload. Therefore, an invalid pointer is dereferenced later,
which causes a segmentation fault. This means that the daemon can be
crashed with a single IKE_SA_INIT message containing such a KE payload.

Remote code execution is not possible due to this issue, nor is IKEv1
affected in charon or pluto.

The attached patches fix the vulnerability in the different strongSwan
versions and should apply with appropriate hunk offsets.

This issue is fixed in strongSwan 5.2.2 which will be released on
Dec 22nd, 12:00 noon UTC.

Statement:

This issue did not affect the versions of strongimcv as shipped with Red Hat Enterprise Linux 7 as they did not include support for strongswan IKEv1/IKEv2.

Acknowledgements:

Red Hat would like to thank the strongSwan developers for reporting this issue. Upstream acknowledges Mike Daskalakis as the original reporter.

Comment 1 Vasyl Kaigorodov 2014-12-11 11:50:07 UTC
Created attachment 967203 [details]
strongswan-5.1.1_modp_custom.patch

Comment 2 Vasyl Kaigorodov 2014-12-11 11:50:41 UTC
Created attachment 967204 [details]
strongswan-5.1.2-5.2.1_modp_custom.patch

Comment 4 Vasyl Kaigorodov 2014-12-11 16:26:58 UTC
Upstrem decided to move dislosure date earlier:
...
Due to feedback we received we will not do the release in Christmas
week. Instead we'll disclose the vulnerability and release 5.2.2 on
Friday Dec 19th, 12:00 noon UTC.
...

Comment 5 Vasyl Kaigorodov 2014-12-19 12:59:17 UTC
Another upstream update, disclosure date moved to Jan 5th 2015:
...
Our integration tests that we run before every release revealed that
these patches were inadequate. They broke most of the TLS scenarios.
The intention was to increase the identifier of MODP_CUSTOM beyond the
16-bit size limit of DH identifiers in IKEv2 so this DH group can't be
negotiated anymore. A side effect of this is that the size of the
diffie_hellman_group_t enum increases to 32-bit. The problem with that
is that it went unnoticed that the Diffie Hellman implementations in the
different plugins (gmp, openssl etc.) internally used u_int16_t instead
of diffie_hellman_group_t to store the group identifier.

One set of the attached patches fix this specific problem in the
respective strongSwan versions and should apply with appropriate hunk
offsets. Patches that include both fixes are attached too.

I'm terribly sorry we missed this issue earlier and having to send this
email so close to the intended release date. Instead of rushing out the
5.2.2 release and the vulnerability disclosure today, we will move the
release date to Jan 5th, 12:00 noon UTC.

For a coordinated public disclosure of the issue we're kindly asking
to hold back any prepared release for today and defer such releases to
the mentioned date.

Once again, our apologies for the inconvenience.

Comment 6 Vasyl Kaigorodov 2014-12-19 13:04:03 UTC
Created attachment 971115 [details]
strongswan-4.5.0-4.5.3_dh_group.patch

Comment 7 Vasyl Kaigorodov 2014-12-19 13:04:06 UTC
Created attachment 971116 [details]
strongswan-4.5.0-4.5.3_modp_custom.patch

Comment 8 Vasyl Kaigorodov 2014-12-19 13:04:08 UTC
Created attachment 971117 [details]
strongswan-4.6.0-5.0.2_dh_group.patch

Comment 9 Vasyl Kaigorodov 2014-12-19 13:04:11 UTC
Created attachment 971118 [details]
strongswan-4.6.0-5.0.2_modp_custom.patch

Comment 10 Vasyl Kaigorodov 2014-12-19 13:04:13 UTC
Created attachment 971119 [details]
strongswan-5.0.3-5.1.0_modp_custom.patch

Comment 11 Vasyl Kaigorodov 2014-12-19 13:04:16 UTC
Created attachment 971120 [details]
strongswan-5.0.3-5.1.1_dh_group.patch

Comment 12 Vasyl Kaigorodov 2014-12-19 13:04:19 UTC
Created attachment 971121 [details]
strongswan-5.1.1_modp_custom.patch

Comment 13 Vasyl Kaigorodov 2014-12-19 13:04:21 UTC
Created attachment 971122 [details]
strongswan-5.1.2-5.2.1_dh_group.patch

Comment 14 Vasyl Kaigorodov 2014-12-19 13:04:24 UTC
Created attachment 971123 [details]
strongswan-5.1.2-5.2.1_modp_custom.patch

Comment 16 Vincent Danen 2015-01-05 18:40:43 UTC
Created strongswan tracking bugs for this issue:

Affects: fedora-all [bug 1178956]
Affects: epel-all [bug 1178957]

Comment 17 Fedora Update System 2015-03-29 05:04:31 UTC
strongswan-5.2.2-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2015-08-17 19:07:03 UTC
strongswan-5.3.2-1.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.