Multiple vulnerabilities in libreswan
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2013-6467 CVE-2013-7283 CVE-2013-4564 |
| CWE-ID | CWE-20 CWE-362 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
libreswan Universal components / Libraries / Libraries used by multiple products |
| Vendor | libreswan.org |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU42103
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2013-6467
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
MitigationInstall update from vendor's website.
Vulnerable software versionslibreswan: 3.0 - 3.6
External linkshttp://osvdb.org/102172
http://secunia.com/advisories/56420
http://www.securityfocus.com/bid/64987
http://exchange.xforce.ibmcloud.com/vulnerabilities/90522
http://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Race condition
EUVDB-ID: #VU42171
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-7283
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.
MitigationInstall update from vendor's website.
Vulnerable software versionslibreswan: 3.6
External linkshttp://secunia.com/advisories/56276
http://www.osvdb.org/101575
http://github.com/libreswan/libreswan/commit/ef2d756e73a188401c36133c2e2f7ce4f3c6ae55
http://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU42179
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2013-4564
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.
MitigationInstall update from vendor's website.
Vulnerable software versionslibreswan: 3.6
External linkshttp://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124928.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124943.html
http://secunia.com/advisories/56276
http://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
http://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
