ID

VAR-201401-0259

CVE

CVE-2013-6466

TITLE

Openswan Service disruption in (DoS) Vulnerabilities

DESCRIPTION

Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Openswan is a VPN implemented using ipsec technology. Openswan is prone to a remote denial-of-service vulnerability. An attacker may exploit this issue to restart the application, resulting in a denial-of-service condition to legitimate users. Openswan 2.6.39 and prior are vulnerable. CVE-2013-2053 During an audit of Libreswan (with which Openswan shares some code), Florian Weimer found a remote buffer overflow in the atodn() function. This vulnerability can be triggered when Opportunistic Encryption (OE) is enabled and an attacker controls the PTR record of a peer IP address. Authentication is not needed to trigger the vulnerability. CVE-2013-6466 Iustina Melinte found a vulnerability in Libreswan which also applies to the Openswan code. By carefuly crafting IKEv2 packets, an attacker can make the pluto daemon derefeences non-received IKEv2 payload, leading to the daemon crash. Authentication is not needed to trigger the vulnerability. Patches were originally written to fix the vulnerabilities in Libreswan, and have been ported to Openswan by Paul Wouters from the Libreswan Project. Since the Openswan package is not maintained anymore in the Debian distribution and is not available in testing and unstable suites, it is recommended for IKE/IPsec users to switch to a supported implementation like strongSwan. For the oldstable distribution (squeeze), these problems have been fixed in version 2.6.28+dfsg-5+squeeze2. For the stable distribution (wheezy), these problems have been fixed in version 2.6.37-3.1. We recommend that you upgrade your openswan packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openswan security update Advisory ID: RHSA-2014:0185-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0185.html Issue date: 2014-02-18 CVE Names: CVE-2013-6466 ===================================================================== 1. Summary: Updated openswan packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: Openswan is a free implementation of Internet Protocol Security (IPsec) and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. (CVE-2013-6466) All openswan users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1050277 - CVE-2013-6466 openswan: dereferencing missing IKEv2 payloads causes pluto daemon to restart 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm i386: openswan-2.6.32-7.3.el5_10.i386.rpm openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm openswan-doc-2.6.32-7.3.el5_10.i386.rpm x86_64: openswan-2.6.32-7.3.el5_10.x86_64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/openswan-2.6.32-7.3.el5_10.src.rpm i386: openswan-2.6.32-7.3.el5_10.i386.rpm openswan-debuginfo-2.6.32-7.3.el5_10.i386.rpm openswan-doc-2.6.32-7.3.el5_10.i386.rpm ia64: openswan-2.6.32-7.3.el5_10.ia64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.ia64.rpm openswan-doc-2.6.32-7.3.el5_10.ia64.rpm ppc: openswan-2.6.32-7.3.el5_10.ppc.rpm openswan-debuginfo-2.6.32-7.3.el5_10.ppc.rpm openswan-doc-2.6.32-7.3.el5_10.ppc.rpm s390x: openswan-2.6.32-7.3.el5_10.s390x.rpm openswan-debuginfo-2.6.32-7.3.el5_10.s390x.rpm openswan-doc-2.6.32-7.3.el5_10.s390x.rpm x86_64: openswan-2.6.32-7.3.el5_10.x86_64.rpm openswan-debuginfo-2.6.32-7.3.el5_10.x86_64.rpm openswan-doc-2.6.32-7.3.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm ppc64: openswan-2.6.32-27.2.el6_5.ppc64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm s390x: openswan-2.6.32-27.2.el6_5.s390x.rpm openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm ppc64: openswan-debuginfo-2.6.32-27.2.el6_5.ppc64.rpm openswan-doc-2.6.32-27.2.el6_5.ppc64.rpm s390x: openswan-debuginfo-2.6.32-27.2.el6_5.s390x.rpm openswan-doc-2.6.32-27.2.el6_5.s390x.rpm x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm i386: openswan-2.6.32-27.2.el6_5.i686.rpm openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm x86_64: openswan-2.6.32-27.2.el6_5.x86_64.rpm openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/openswan-2.6.32-27.2.el6_5.src.rpm i386: openswan-debuginfo-2.6.32-27.2.el6_5.i686.rpm openswan-doc-2.6.32-27.2.el6_5.i686.rpm x86_64: openswan-debuginfo-2.6.32-27.2.el6_5.x86_64.rpm openswan-doc-2.6.32-27.2.el6_5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-6466.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFTA6D7XlSAg2UNWIIRAkO0AKCCIbfDJPZuuXS7U6rZU8/CimQlxwCeIPUb dpyjtxp6hcgn2NES8FPSOkw= =jFWA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== Openswan is an implementation of IPsec for Linux. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/openswan <= 2.6.39-r1 Vulnerable! ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. Impact ====== A remote attacker could create a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== Gentoo has discontinued support for Openswan. We recommend that users unmerge Openswan: # emerge --unmerge "net-misc/openswan" NOTE: The Gentoo developer(s) maintaining Openswan have discontinued support at this time. It may be possible that a new Gentoo developer will update Openswan at a later date. Alternatives packages such as Libreswan and strongSwan are currently available in Gentoo Portage. References ========== [ 1 ] CVE-2013-6466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6466 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201411-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Iustina Melinte

SOURCES

LAST UPDATE DATE

2024-11-23T20:41:38.875000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE