-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2015-3240 libreswan/openswan: denial of service via IKE daemon restart
              when receiving a bad DH g^x from a peer

URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-3240

This alert (and any possible updates) is available at the following URL:
https://libreswan.org/security/CVE-2015-3240/

The Libreswan Project discovered that receiving a g^x value of zero from
an unauthenticated remote peer was not handled properly by the pluto IKE
daemon, causing the pluto IKE daemon to restart. The vulnerability is
present in libreswan and its predecessor openswan.


Vulnerable versions: libreswan up to version 3.14
                     openswan (if compiled with NSS) up to version 2.6.44
Not vulnerable     : libreswan 3.15 and newer

If you cannot upgrade to libreswan 3.15, please see the above link for a
patch for this issue.

Vulnerability information
- -------------------------

The NSS library returns NULL when Diffie-Hellman exponentiation fails. The
IKE daemon pluto verifies that the result is not NULL and triggers a
passert() when it is NULL. This causes the IKE daemon pluto to restart.
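
Added example (not libreswan's code and not the patch referenced above): a
range check on a peer's MODP public value that returns an error status
instead of asserting. It goes beyond the zero case described here and applies
the 1 < g^x < p-1 test from RFC 6989; all names and the 32-bit sample modulus
are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum ke_status { KE_OK = 0, KE_BAD_LENGTH, KE_OUT_OF_RANGE };

/* Constructed toy modulus (largest 32-bit prime); real MODP groups are far larger. */
static const uint8_t SAMPLE_P[4] = { 0xFF, 0xFF, 0xFF, 0xFB };

/* Compare two equal-length big-endian integers: returns <0, 0 or >0. */
static int be_cmp(const uint8_t *a, const uint8_t *b, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (a[i] != b[i])
            return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* Accept gx only if it is group-sized and 1 < gx < p - 1 (p odd, big-endian). */
enum ke_status check_peer_ke(const uint8_t *gx, size_t gx_len,
                             const uint8_t *p, size_t p_len)
{
    uint8_t one[1024] = { 0 }, p_minus_1[1024];

    if (p_len == 0 || p_len > sizeof(one) || gx_len != p_len)
        return KE_BAD_LENGTH;       /* IKEv2 pads the KE value to modulus length */
    one[p_len - 1] = 1;
    memcpy(p_minus_1, p, p_len);
    p_minus_1[p_len - 1] &= 0xFE;   /* p is odd, so clearing bit 0 yields p - 1 */

    if (be_cmp(gx, one, p_len) <= 0)        /* rejects 0 and 1 */
        return KE_OUT_OF_RANGE;
    if (be_cmp(gx, p_minus_1, p_len) >= 0)  /* rejects p - 1, p and larger */
        return KE_OUT_OF_RANGE;
    return KE_OK;
}

int main(void)
{
    const uint8_t zero[4] = { 0 };                 /* the case in this advisory */
    const uint8_t good[4] = { 0x12, 0x34, 0x56, 0x78 };

    /* A rejected value is reported to the caller; the process keeps running. */
    printf("zero: %d\n", check_peer_ke(zero, 4, SAMPLE_P, 4));
    printf("good: %d\n", check_peer_ke(good, 4, SAMPLE_P, 4));
    return 0;
}
```

A caller would drop the exchange on any status other than KE_OK before
handing the value to the crypto library.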

Exploitation
- ------------

This denial of service can be launched by anyone using a single IKE packet.
No authentication credentials are required. No remote code execution is
possible through this vulnerability. Libreswan automatically restarts when
it crashes.

Workaround
- ----------

There is no workaround. Either upgrade or use the patch supplied at the
URL listed above.

Credits
- ---------

This vulnerability was found by The Libreswan Team.

About libreswan (https://libreswan.org/)
- ----------------------------------------

Libreswan is a free implementation of the Internet Protocol Security
(IPsec) suite and Internet Key Exchange (IKE) protocols. It is a
descendant (fork) of openswan 2.6.38.

IPsec uses strong cryptography to provide both authentication and
encryption services. These services allow you to build secure tunnels
through untrusted networks. Everything passing through the untrusted
network is encrypted by the IPsec gateway machine, and decrypted by
the gateway at the other end of the tunnel. The resulting tunnel is a
virtual private network (VPN).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
