Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
Date: Mon, 12 Dec 2005 15:01:54
Message-Id: 439D8C37.10802@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200512-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol
            implementation
      Date: December 12, 2005
      Bugs: #112568, #113201
        ID: 200512-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Openswan and IPsec-Tools suffer from an implementation flaw which may
allow a Denial of Service attack.

Background
==========

Openswan is an implementation of IPsec for Linux. IPsec-Tools is a port
of KAME's implementation of the IPsec utilities, including racoon, an
Internet Key Exchange daemon. Internet Key Exchange version 1 (IKEv1),
a derivative of ISAKMP, is an important part of IPsec. IPsec is widely
used to secure exchange of packets at the IP layer and mostly used to
implement Virtual Private Networks (VPNs).

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-misc/openswan              < 2.4.4                   >= 2.4.4
  2  net-firewall/ipsec-tools       < 0.6.3                   >= 0.6.3
                                                          *>= 0.6.2-r1
                                                            *>= 0.4-r2
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The Oulu University Secure Programming Group (OUSPG) discovered that
various ISAKMP implementations, including Openswan and racoon (included
in the IPsec-Tools package), behave in an anomalous way when they
receive and handle ISAKMP Phase 1 packets with invalid or abnormal
contents.

Impact
======

A remote attacker can create a specially crafted packet using 3DES with
an invalid key length, resulting in a Denial of Service attack, format
string vulnerabilities or buffer overflows.

Workaround
==========

Avoid using "aggressive mode" in ISAKMP Phase 1, which exchanges
information between the sides before there is a secure channel.
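
An added example, not part of the advisory or of either project: a minimal Python audit for the workaround above, flagging racoon `remote` sections whose `exchange_mode` lists `aggressive` and Openswan `conn` sections that set `aggrmode=yes`. The sample configurations are constructed and the function names are hypothetical; `include` and `also=` directives and `conn %default` inheritance are not followed.

```python
import re

# Constructed sample configurations (not taken from the advisory).
RACOON_SAMPLE = """\
remote 192.0.2.10 {
    exchange_mode main;          # Phase 1 in main mode only
}
remote anonymous {
    # exchange_mode aggressive;  (commented out, must be ignored)
    exchange_mode main,aggressive;
}
"""
OPENSWAN_SAMPLE = """\
conn branch-office
    aggrmode=yes
conn hq
    aggrmode=no
"""

def _strip_comment(line):
    # Both file formats use '#' to start a comment.
    return line.split("#", 1)[0].strip()

def racoon_aggressive(text):
    """Return (remote-section, line-number) pairs whose exchange_mode lists aggressive."""
    hits, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        m = re.match(r"remote\s+(\S+)", line)
        if m:
            section = m.group(1)
        # Every listed mode is accepted as responder, so any position counts.
        m = re.match(r"exchange_mode\s+([^;]+);", line)
        if m and "aggressive" in [x.strip() for x in m.group(1).split(",")]:
            hits.append((section, no))
    return hits

def openswan_aggressive(text):
    """Return (conn-name, line-number) pairs that set aggrmode=yes."""
    hits, conn = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = _strip_comment(raw)
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            conn = m.group(1)
        elif re.fullmatch(r"aggrmode\s*=\s*yes", line):
            hits.append((conn, no))
    return hits

if __name__ == "__main__":
    print("racoon.conf:", racoon_aggressive(RACOON_SAMPLE))
    print("ipsec.conf:", openswan_aggressive(OPENSWAN_SAMPLE))
```
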

Resolution
==========

All Openswan users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.4"

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose net-firewall/ipsec-tools

References
==========

  [ 1 ] CVE-2005-3671
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3671
  [ 2 ] CVE-2005-3732
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3732
  [ 3 ] Original Advisory
        http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200512-04.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
