-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Release date: Tuesday, January 11, 2022
Contact: security@libreswan.org
PGP key: 907E790F25C1E8E561CD73B585FF4B43B30FC6F9

=====================================================================
CVE-2022-23094: Malicious IKEv1 packet can cause libreswan to restart
=====================================================================

This alert (and any updates) is available at the following URL:
https://libreswan.org/security/CVE-2022-23094/

The Libreswan Project was notified by github user "MyOzCam" of an
issue where receiving a malformed IKEv1 packet crashed their server.
When such a packet is rejected, the rejection is logged through an
IKEv1 state object that does not yet exist; the resulting NULL pointer
dereference crashes the pluto daemon.

Vulnerable versions: libreswan 4.2 - 4.5
Not vulnerable     : libreswan 3.x, 4.0, 4.1 and 4.6+

Vulnerability information
=========================
A log message added in libreswan 4.2 assumes that an IKEv1 state object
exists for the packet being processed, and reads the state's logger
(st->st_logger) to display the state object number. Some malformed
packets are caught early enough that no state object has been created,
so the state pointer is NULL. When libreswan attempts to log the
rejection of such a packet, the logging routine dereferences that NULL
pointer and the libreswan IKE daemon (pluto) crashes and restarts. This
can be triggered by malformed packets from an IKE initiator using IKEv1
Main Mode or IKEv1 Aggressive Mode; the packet is rejected before a
state or any authentication exists, so any host that can reach the IKE
ports can trigger it.
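The failure mode described above, as an added example that is not part of this advisory or of libreswan's code: a small C model of the receive path in which early sanity checks reject a Main Mode packet before any state object exists, the 4.2-4.5 logger selection (st->st_logger) dereferences NULL on that path, and the fixed selection falls back to the packet's own logger. Only the names st_logger and md_logger are taken from the patch below; the structs, the check routine, the constructed sample packets and every other identifier are assumptions made for this illustration.

```c
/*
 * Added illustration for CVE-2022-23094. This is NOT libreswan code: it
 * models the two receive paths the advisory describes, a malformed IKEv1
 * packet rejected before any state object exists (st == NULL) and the
 * null-safe logger selection used by the fix. The field names st_logger
 * and md_logger come from the advisory's patch; everything else, including
 * the early checks and the sample packets, is an assumption for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct logger { const char *name; };
struct state { unsigned long st_serialno; struct logger *st_logger; };
struct msg_digest {
	const uint8_t *pkt;
	size_t len;
	struct logger *md_logger;	/* per-packet logger; always present */
	struct state *st;		/* NULL until a state is found or created */
};

/* ISAKMP header, RFC 2408 section 3.1: 28 bytes, then generic payloads */
#define ISAKMP_HDR_LEN     28
#define ISAKMP_XCHG_IDPROT 2	/* IKEv1 Main Mode */
#define ISAKMP_XCHG_AGGR   4	/* IKEv1 Aggressive Mode */

/* Early sanity checks that run before any state lookup. Returns a
 * diagnostic string for a malformed packet, NULL if it looks well formed. */
static const char *check_packet(const uint8_t *pkt, size_t len)
{
	if (len < ISAKMP_HDR_LEN)
		return "truncated ISAKMP header";
	uint32_t hdr_len = ((uint32_t)pkt[24] << 24) | ((uint32_t)pkt[25] << 16) |
			   ((uint32_t)pkt[26] << 8) | pkt[27];
	if (hdr_len != len)
		return "header length does not match packet length";
	if (pkt[18] != ISAKMP_XCHG_IDPROT && pkt[18] != ISAKMP_XCHG_AGGR)
		return "unexpected exchange type";
	if (len < ISAKMP_HDR_LEN + 4)
		return "missing first payload";
	/* generic payload header: next payload(1) reserved(1) length(2) */
	uint16_t plen = (uint16_t)((pkt[30] << 8) | pkt[31]);
	if (plen < 4 || ISAKMP_HDR_LEN + (size_t)plen > len)
		return "malformed payload length";
	return NULL;
}

/* libreswan 4.2-4.5 pattern: assumes a state exists; NULL dereference if not */
static struct logger *pick_logger_unsafe(const struct msg_digest *md)
{
	return md->st->st_logger;
}

/* 4.6 / backport pattern: fall back to the packet's own logger */
static struct logger *pick_logger_fixed(const struct msg_digest *md)
{
	return md->st != NULL ? md->st->st_logger : md->md_logger;
}

/* Constructed sample packets (not captured traffic): Main Mode message 1
 * with one SA payload. good_pkt is consistent; bad_pkt claims a 256-byte
 * payload inside a 36-byte packet. */
static const uint8_t good_pkt[36] = {
	1, 2, 3, 4, 5, 6, 7, 8,			/* initiator cookie */
	0, 0, 0, 0, 0, 0, 0, 0,			/* responder cookie: zero in message 1 */
	1, 0x10, ISAKMP_XCHG_IDPROT, 0,		/* next=SA, version 1.0, xchg, flags */
	0, 0, 0, 0,				/* message ID */
	0, 0, 0, 36,				/* total length */
	0, 0, 0, 8,				/* payload: next=NONE, reserved, length 8 */
	0, 0, 0, 1,				/* DOI = IPsec */
};
static const uint8_t bad_pkt[36] = {
	1, 2, 3, 4, 5, 6, 7, 8, 0, 0, 0, 0, 0, 0, 0, 0,
	1, 0x10, ISAKMP_XCHG_IDPROT, 0, 0, 0, 0, 0, 0, 0, 0, 36,
	0, 0, 0x01, 0x00, 0, 0, 0, 1,		/* payload length 0x0100 */
};

static struct logger pkt_logger = { "packet" };
static struct logger state_logger = { "state #1" };
static struct state demo_state = { 1, &state_logger };

/* Receive path with the fix applied. A packet failing the early checks is
 * logged and dropped; with st == NULL the log goes to md_logger instead of
 * crashing. Returns the name of the logger used, NULL if accepted. */
static const char *receive(const uint8_t *pkt, size_t len, struct state *st)
{
	struct msg_digest md = { pkt, len, &pkt_logger, st };
	const char *d = check_packet(pkt, len);
	if (d == NULL)
		return NULL;
	struct logger *lg = pick_logger_fixed(&md);
	printf("[%s] %s: malformed payload in packet\n", lg->name, d);
	return lg->name;
}

int main(void)
{
	/* With a state present the old selection was fine... */
	struct msg_digest with_state = { bad_pkt, sizeof bad_pkt, &pkt_logger, &demo_state };
	printf("old code, state present: logs via %s\n", pick_logger_unsafe(&with_state)->name);
	/* ...but pick_logger_unsafe() on the same packet with st == NULL is the crash. */
	receive(bad_pkt, sizeof bad_pkt, NULL);	/* logs via "packet" */
	receive(bad_pkt, 20, NULL);		/* truncated header, same pre-state path */
	printf("good packet %s\n", receive(good_pkt, sizeof good_pkt, NULL) == NULL ? "accepted" : "rejected");
	return 0;
}
```

The point of the model is where the check fails: both rejections happen before anything has looked up or created a state, so any log call on that path must be written against the packet's logger, not the state's.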


Exploitation
============
This vulnerability cannot be abused for remote code execution or an
authentication bypass. However, each such packet crashes and restarts
the pluto daemon, so an attacker who keeps sending them can mount a
denial of service attack against the libreswan IKE service.

Workaround
==========
If all configured connections are using IKEv2, the IKEv1 subsystem can be
disabled by adding the option ikev1-policy=drop to the "config setup"
section of ipsec.conf. Alternatively, libreswan can be compiled with
USE_IKEv1=false.

If all remote peers are on static IP addresses, a firewall rule that
allows UDP ports 500 and 4500 only from those peers, and blocks them
from all other sources, prevents attackers from sending packets to the
pluto IKE daemon.

If peers appear on dynamic IP addresses and IKEv1 connections must be
supported, then no workarounds are known and libreswan must be updated
or patched.

History
=======
* 2021-12-20 Initial report via https://github.com/libreswan/libreswan/issues/585
* 2021-12-21 Issue was fixed in the git main branch
* 2022-01-11 Delayed release date to avoid holiday and end of year timing problems
* 2022-01-13 Updated patch for Libreswan 4.2 and 4.3

Credits
=======
This vulnerability was found and reported by github user MyOzCam.

Upgrading
=========
To address this vulnerability, please upgrade to libreswan 4.6 or later.
For those who cannot upgrade, patches are provided at the above URL,
and are included for reference below.

About libreswan (https://libreswan.org/)
========================================
Libreswan is a free implementation of the Internet Key Exchange (IKE)
protocols IKEv1 and IKEv2. It is a descendant (continuation fork) of
openswan 2.6.38. IKE is used to establish IPsec VPN connections.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).

Patches
=======
Note that email clients may mangle the patch text included below;
download a proper patch file from the advisory URL above.

===============================
Patch for libreswan 4.2 or 4.3:
===============================
diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 4f644fd4f8..e0f3652aa9 100644
- --- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2097,7 +2097,9 @@ void process_packet_tail(struct msg_digest *md)
 					diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
 								 &pd->payload, sizeof(pd->payload), &pd->pbs);
 					if (d != NULL) {
- -						log_diag(RC_LOG, st->st_logger, &d, "%s", "");
+						log_diag(RC_LOG,
+							st != NULL ? st->st_logger : md->md_logger,
+							&d, "%s", "");
 						LOG_PACKET(RC_LOG_SERIOUS,
 							   "%smalformed payload in packet",
 							   excuse);
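Review bot: the leading "- " on the `--- a/programs/pluto/ikev1.c` line and on the removed `log_diag(RC_LOG, st->st_logger, ...)` line is PGP cleartext dash-escaping from the signed message, not part of the diff, so this hunk will not apply with `git apply` or `patch -p1` as pasted; strip that prefix (or recover the unescaped text with `gpg --decrypt` on the signed message) or download the patch file from the advisory URL. The change itself is right for this site: `st` can be NULL when `pbs_in_struct()` rejects the payload before a state exists, and `md->md_logger` is the per-packet logger that does exist.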
@@ -2161,7 +2163,9 @@ void process_packet_tail(struct msg_digest *md)
 						 &pd->payload, sizeof(pd->payload),
 						 &pd->pbs);
 			if (d != NULL) {
- -				log_diag(RC_LOG, st->st_logger, &d, "%s", "");
+				log_diag(RC_LOG,
+					st != NULL ? st->st_logger : md->md_logger,
+					&d, "%s", "");
 				LOG_PACKET(RC_LOG_SERIOUS,
 					   "%smalformed payload in packet",
 					   excuse);
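Review bot: this is the second copy of the same `st != NULL ? st->st_logger : md->md_logger` ternary in process_packet_tail(); compute it once near the top of the function, e.g. `struct logger *logger = st != NULL ? st->st_logger : md->md_logger;`, and pass `logger` to both log_diag() calls. A third logging site in this function that still reaches for `st->st_logger` would reintroduce exactly this crash, and a single named logger makes the "no state yet" condition visible to the next reader.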
===============================
Patch for libreswan 4.4 or 4.5:
===============================
diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 9f4847874d..f7413f3594 100644
- --- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2103,7 +2103,9 @@ void process_packet_tail(struct msg_digest *md)
 					diag_t d = pbs_in_struct(&md->message_pbs, &isakmp_ignore_desc,
 								 &pd->payload, sizeof(pd->payload), &pd->pbs);
 					if (d != NULL) {
- -						llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+						llog_diag(RC_LOG,
+							st != NULL ? st->st_logger : md->md_logger,
+							&d, "%s", "");
 						LOG_PACKET(RC_LOG_SERIOUS,
 							   "%smalformed payload in packet",
 							   excuse);
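Review bot: this hunk differs from the 4.2/4.3 version only in the renamed `llog_diag()` call and the shifted @@ offsets, so the two backports are not interchangeable and applying the wrong one is rejected at this hunk. Before applying, confirm which name the tree uses, e.g. `grep -n 'log_diag(RC_LOG, st->st_logger' programs/pluto/ikev1.c` (matches both spellings), and expect exactly two hits near the offsets shown.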
@@ -2172,7 +2174,9 @@ void process_packet_tail(struct msg_digest *md)
 						 &pd->payload, sizeof(pd->payload),
 						 &pd->pbs);
 			if (d != NULL) {
- -				llog_diag(RC_LOG, st->st_logger, &d, "%s", "");
+				llog_diag(RC_LOG,
+					st != NULL ? st->st_logger : md->md_logger,
+					&d, "%s", "");
 				LOG_PACKET(RC_LOG_SERIOUS,
 					   "%smalformed payload in packet",
 					   excuse);
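Review bot: with the NULL dereference gone, every malformed payload from an unauthenticated sender now produces two log lines at this site, the llog_diag() diagnostic followed by `LOG_PACKET(RC_LOG_SERIOUS, "%smalformed payload in packet", excuse)`, and nothing in the hunk rate-limits them; since the advisory's attacker sends these packets continuously, confirm the path is rate-limited or fold the diagnostic into the LOG_PACKET message so the crash is not traded for log flooding. Neither backport ships a regression test; one that feeds a Main Mode message with a bad payload length before any state exists would pin this behaviour.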
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
