SB2014010704 - Multiple vulnerabilities in libreswan

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2013-6467)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.

2) Race condition (CVE-ID: CVE-2013-7283)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd temporary file.

3) Input validation error (CVE-ID: CVE-2013-4564)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.

Remediation

Install update from vendor's website.

References

• http://osvdb.org/102172
• http://secunia.com/advisories/56420
• http://www.securityfocus.com/bid/64987
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90522
• https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
• http://secunia.com/advisories/56276
• http://www.osvdb.org/101575
• https://github.com/libreswan/libreswan/commit/ef2d756e73a188401c36133c2e2f7ce4f3c6ae55
• https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124928.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124943.html
• https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc