A vulnerability was found in Libreswan in version 3.27 and before 3.32, where libreswan's pluto daemon crashes on receiving an unauthenticated malicious IKEv1 Informational Exchange packet.
As per upstream (https://bugzilla.redhat.com/show_bug.cgi?id=1813329#c2): offending upstream commit: fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 is the first bad commit commit fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 Author: D. Hugh Redelmeier <hugh> Date: Wed Sep 19 12:51:01 2018 -0400 pluto: ikev1.c: when rejecting an unexpected payload, log the state name programs/pluto/ikev1.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
Acknowledgments: Name: Paul Wouters (Red Hat)
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
External References: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
Created libreswan tracking bugs for this issue: Affects: epel-6 [bug 1834595] Affects: fedora-all [bug 1834594]
Statement: This flaw does not affect the version of libreswan shipped with Red Hat Enterprise Linux 6 and 7 because they did not ship the vulnerable code. (The offending commit fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 and others was introduced in libreswan-3.27)
Upstream patch: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2069 https://access.redhat.com/errata/RHSA-2020:2069
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2071 https://access.redhat.com/errata/RHSA-2020:2071
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2070 https://access.redhat.com/errata/RHSA-2020:2070
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1763
*** Bug 1813392 has been marked as a duplicate of this bug. ***