2187165 – (CVE-2023-30570) CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

Bug 2187165 (CVE-2023-30570) - CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan

Summary: CVE-2023-30570 libreswan: Malicious IKEv1 Aggressive Mode packets can crash l...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2023-30570
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2187169 2187170 2187171 2187172 2187173 2187174 2187175 2187176 2187177 2187178 2187179 2187180 2193034
Blocks:	2187158
TreeView+	depends on / blocked

Reported:	2023-04-17 06:30 UTC by Sandipan Roy
Modified:	2023-05-17 07:41 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible.
Clone Of:
Environment:
Last Closed:	2023-05-17 07:41:09 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2023:2688	None	None	None	2023-05-09 20:29:43 UTC
Red Hat Product Errata	RHBA-2023:2689	None	None	None	2023-05-09 20:46:48 UTC
Red Hat Product Errata	RHBA-2023:2690	None	None	None	2023-05-09 22:30:33 UTC
Red Hat Product Errata	RHSA-2023:2120	None	None	None	2023-05-04 13:03:15 UTC
Red Hat Product Errata	RHSA-2023:2121	None	None	None	2023-05-04 13:05:34 UTC
Red Hat Product Errata	RHSA-2023:2122	None	None	None	2023-05-04 13:14:47 UTC
Red Hat Product Errata	RHSA-2023:2123	None	None	None	2023-05-04 13:15:19 UTC
Red Hat Product Errata	RHSA-2023:2124	None	None	None	2023-05-04 13:14:55 UTC
Red Hat Product Errata	RHSA-2023:2125	None	None	None	2023-05-04 13:16:43 UTC
Red Hat Product Errata	RHSA-2023:2126	None	None	None	2023-05-04 13:16:49 UTC

Description Sandipan Roy 2023-04-17 06:30:51 UTC

When an IKEv1 Aggressive Mode packet is received with only unacceptable
crypto algorithms, the response packet is not sent with a zero responder
SPI. When a subsequent packet is received where the sender re-uses the
libreswan responder SPI as its own initiator SPI, the pluto daemon state
machine crashes.  No remote code execution is possible.

https://github.com/libreswan/libreswan/issues/1039

Comment 7 TEJ RATHI 2023-05-04 04:36:12 UTC

CVE-2023-30570 is public now : https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt

Comment 8 TEJ RATHI 2023-05-04 04:51:40 UTC

Created libreswan tracking bugs for this issue:

Affects: fedora-all [bug 2193034]

Comment 9 errata-xmlrpc 2023-05-04 13:03:14 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2120 https://access.redhat.com/errata/RHSA-2023:2120

Comment 10 errata-xmlrpc 2023-05-04 13:05:33 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:2121 https://access.redhat.com/errata/RHSA-2023:2121

Comment 11 errata-xmlrpc 2023-05-04 13:14:46 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:2122 https://access.redhat.com/errata/RHSA-2023:2122

Comment 12 errata-xmlrpc 2023-05-04 13:14:53 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:2124 https://access.redhat.com/errata/RHSA-2023:2124

Comment 13 errata-xmlrpc 2023-05-04 13:15:18 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:2123 https://access.redhat.com/errata/RHSA-2023:2123

Comment 14 errata-xmlrpc 2023-05-04 13:16:42 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:2125 https://access.redhat.com/errata/RHSA-2023:2125

Comment 15 errata-xmlrpc 2023-05-04 13:16:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:2126 https://access.redhat.com/errata/RHSA-2023:2126

Comment 17 Product Security DevOps Team 2023-05-17 07:41:07 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-30570

Note You need to log in before you can comment on or make changes to this bug.