Bug#1066059: libreswan: CVE-2024-2357

2024-03-11 Thread Daniel Kahn Gillmor
On https://bugs.debian.org/1066059, Salvatore Bonaccorso wrote:
> The following vulnerability was published for libreswan.
>
> CVE-2024-2357[0]:
> | The Libreswan Project was notified of an issue causing libreswan to
> | restart under some IKEv2 retransmit scenarios when a connection is
> | configured to use PreSharedKeys (authby=secret) and the connection
> | cannot find a matching configured secret. When such a connection is
> | automatically added on startup using the auto= keyword, it can cause
> | repeated crashes leading to a Denial of Service.

I'm attaching a proposed debdiff for libreswan for bookworm, from the
current 4.10-2+deb12u1 to 4.10-2+deb12u3 (4.10-2+deb12u2 appears to have
never made it to publication, which is likely my fault).  This is also
pushed to the debian/bookworm branch at
https://salsa.debian.org/debian/libreswan.

In addition to resolving CVE-2024-2357, this debdiff rolls up three
other low-priority CVEs as well, using changesets from upstream.

If anyone from the security team could confirm this, I would be happy to
go ahead with the upload to bookworm-security.

Regards,

   --dkg

diff --git a/debian/changelog b/debian/changelog
index f2851b483e..c51e93d091 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+libreswan (4.10-2+deb12u3) bookworm-security; urgency=medium
+
+  * Fix CVE 2024-2357 (Closes: #1066059)
+
+ -- Daniel Kahn Gillmor   Tue, 12 Mar 2024 00:14:33 -0400
+
+libreswan (4.10-2+deb12u2) bookworm-security; urgency=medium
+
+  * Fix CVE-2023-38710
+  * Fix CVE-2023-38711
+  * Fix CVE-2023-38712
+
+ -- Daniel Kahn Gillmor   Mon, 07 Aug 2023 17:46:29 -0400
+
 libreswan (4.10-2+deb12u1) bookworm; urgency=medium
 
   * Fix CVE-2023-30570 (Closes: #1035542)
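Review bot: the deb12u3 entry `+  * Fix CVE 2024-2357 (Closes: #1066059)` is missing the hyphen in the CVE id; the security tracker and the request in this bug ask for the `CVE-2024-2357` form, so it should read `* Fix CVE-2024-2357 (Closes: #1066059)` to match the three deb12u2 lines below it. Separately, the deb12u2 stanza keeps its 07 Aug 2023 date although that revision was never uploaded; either fold the three CVE-2023-387xx fixes into the deb12u3 stanza or say in it that deb12u2 was not published, so the changelog does not record a version that never reached the archive.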
diff --git a/debian/patches/0006-CVE-2023-38710-Invalid-IKEv2-REKEY-proposal-causes-re.patch b/debian/patches/0006-CVE-2023-38710-Invalid-IKEv2-REKEY-proposal-causes-re.patch
new file mode 100644
index 00..f930a5761c
--- /dev/null
+++ b/debian/patches/0006-CVE-2023-38710-Invalid-IKEv2-REKEY-proposal-causes-re.patch
@@ -0,0 +1,261 @@
+From: Daniel Kahn Gillmor 
+Date: Mon, 7 Aug 2023 17:40:21 -0400
+Subject: CVE-2023-38710: Invalid IKEv2 REKEY proposal causes restart
+
+This alert (and any updates) are available at the following URLs:
+https://libreswan.org/security/CVE-2023-38710/
+
+The Libreswan Project was notified by "X1AOxiang" of an issue with receiving
+a malformed IKEv2 REKEY packet would cause a crash and restart of the libreswan
+pluto daemon. When sent continuously, this could lead to a denial of service attack.
+
+Severity: Medium
+Vulnerable versions : libreswan 3.20 - 4.11
+Not vulnerable  : libreswan 3.0 - 3.19, 4.12+
+
+Vulnerability information
+=
+When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number
+of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's
+protocol ID is copied from the incoming packet, but the code that verifies
+outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3)
+and causes the pluto daemon to crash and restart.
+
+Exploitation
+
+IKEv2 REKEY requests are only processed when received from authenticated peers,
+limiting the scope of possible attackers to peers who have successfully
+authenticated.
+
+Workaround
+==
+There is no workarounds, please apply the supplied patches or upgrade.
+
+History
+===
+* 2017 Vulnerable code introduced in libreswan 3.20
+* 2023-06-07 Report received via Red Hat
+* 2023-07-19 Prerelease of CVE notification and patches to support customers
+* 2023-08-04 Release of patch and libreswan 4.12
+
+Credits
+===
+This vulnerability was found and reported by X1AOxiang to Red Hat. Thanks to
+Daiki Ueno for contacting the Libreswan Project.
+---
+ programs/pluto/ikev2_create_child_sa.c | 149 -
+ 1 file changed, 89 insertions(+), 60 deletions(-)
+
+diff --git a/programs/pluto/ikev2_create_child_sa.c b/programs/pluto/ikev2_create_child_sa.c
+index 9e29032..e4bf588 100644
+--- a/programs/pluto/ikev2_create_child_sa.c
 b/programs/pluto/ikev2_create_child_sa.c
+@@ -175,80 +175,102 @@ static void emancipate_larval_ike_sa(struct ike_sa *old_ike, struct child_sa *ne
+ 	release_whack(new_ike->sa.st_logger, HERE);
+ }
+ 
+-static struct child_sa *find_v2N_REKEY_SA_child(struct ike_sa *ike,
+-		struct msg_digest *md)
++/*
++ * Find the Child SA identified by the v2N_REKEY_SA payload.
++ *
++ * FALSE: payload corrupt; caller should respond with the fatal
++ * v2N_INVALID_SYNTAX.
++ *
++ * TRUE, CHILD==NULL: payload ok but no matching Child SA was
++ * found. The v2N_CHILD_SA_NOT_FOUND response already recorded using
++ * information extracted from the rekey notify payload.
++ *
++ * TRUE, CHILD!=NULL: payload ok, matching Child SA found.
++ */
++
++static bool find_v2N_REKEY_SA_child(struct ike_sa *ike,
++struct msg_digest *md,
++struct child_sa **child)
+ 
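Review bot: the embedded upstream diff's file header looks malformed as rendered here: after `+--- a/programs/pluto/ikev2_create_child_sa.c` the next line is ` b/programs/pluto/ikev2_create_child_sa.c` with no `++++` prefix, and without a `+++ b/...` line quilt will refuse to apply 0006-CVE-2023-38710; please confirm the file on the debian/bookworm branch carries the prefix and this is only mail rendering. The header is also thin on DEP-3 metadata: `From:` names the backporter rather than the upstream author, and there is no `Origin: upstream, <upstream commit URL>` or `Bug:` line pointing at https://libreswan.org/security/CVE-2023-38710/, which is what lets the next maintainer match the backport against upstream. Finally, the hunk changes `find_v2N_REKEY_SA_child` from returning `struct child_sa *` to `bool` with a `struct child_sa **child` out-parameter, so every caller must be updated in the same patch; the text is cut off at the new signature (261 lines declared, far fewer shown), so neither the callers nor the INVALID_SPI protocol-ID handling the advisory describes can be checked from this message.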

Bug#1066059: libreswan: CVE-2024-2357

2024-03-11 Thread Salvatore Bonaccorso
Source: libreswan
Version: 4.12-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team 
Control: found -1 https://github.com/libreswan/libreswan/issues/1609
Control: found -1 4.10-2+deb12u1
Control: found -1 4.10-2
Control: found -1 4.3-1+deb11u4
Control: found -1 4.3-1

Hi,

The following vulnerability was published for libreswan.

CVE-2024-2357[0]:
| The Libreswan Project was notified of an issue causing libreswan to
| restart under some IKEv2 retransmit scenarios when a connection is
| configured to use PreSharedKeys (authby=secret) and the connection
| cannot find a matching configured secret. When such a connection is
| automatically added on startup using the auto= keyword, it can cause
| repeated crashes leading to a Denial of Service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2357
https://www.cve.org/CVERecord?id=CVE-2024-2357
[1] https://libreswan.org/security/CVE-2024-2357/CVE-2024-2357.txt
[2] https://github.com/libreswan/libreswan/issues/1609

Regards,
Salvatore
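The CVE text above names a specific trigger: a connection with authby=secret that is loaded automatically via auto= and for which no matching secret is configured. An administrator who cannot upgrade immediately may want to audit their configuration for exactly that condition. The script below is an added example, not code from this bug report or from the libreswan project. It parses a libreswan-style ipsec.conf and a secrets file and lists auto-loaded PSK connections with no plausible key. The matching rule is a deliberate simplification of libreswan's secret lookup (assumption: a PSK line whose selector list is empty or contains %any, or that names the connection's leftid/rightid/left/right, counts as a match; conn %default inheritance and include directives are not handled), and the sample config and secrets are constructed for the example.

```python
"""Audit a libreswan-style config for the CVE-2024-2357 trigger condition.

Added example, not from the Debian bug report or the libreswan project.
The secret-matching logic is a simplified approximation (see lead-in).
"""
import re

# auto= values under which pluto loads the conn at startup (assumption)
AUTO_LOADED = {"add", "start", "ondemand", "route"}


def parse_ipsec_conf(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = m.group(1)
            conns[current] = {}
            continue
        if re.match(r"^config\s+setup\s*$", line):
            current = None                      # not a conn section
            continue
        if current is not None and line[0].isspace() and "=" in line:
            key, val = line.strip().split("=", 1)
            conns[current][key.strip()] = val.strip()
    return conns


def parse_secrets(text):
    """Return one selector list per PSK line ('<id> <id> : PSK "..."').

    An empty selector list means the key applies to any peer.
    """
    selectors = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        left, right = line.split(":", 1)
        if right.strip().startswith("PSK"):
            selectors.append(left.split())
    return selectors


def has_matching_psk(conn, selectors):
    """Simplified match: wildcard line, or any conn id appears in a selector."""
    ids = {conn.get(k) for k in ("leftid", "rightid", "left", "right")}
    ids.discard(None)
    for sel in selectors:
        if not sel or "%any" in sel or ids & set(sel):
            return True
    return False


def find_unmatched_psk_conns(conf_text, secrets_text):
    """Names of auto-loaded authby=secret conns with no matching PSK line."""
    conns = parse_ipsec_conf(conf_text)
    selectors = parse_secrets(secrets_text)
    return sorted(
        name for name, conn in conns.items()
        if conn.get("authby") == "secret"
        and conn.get("auto", "ignore") in AUTO_LOADED
        and not has_matching_psk(conn, selectors)
    )


# Constructed sample input: only the hq/branch pair has a PSK configured.
SAMPLE_CONF = """\
config setup
    logfile=/var/log/pluto.log

conn branch-office
    left=192.0.2.1
    leftid=@hq
    right=198.51.100.7
    rightid=@branch
    authby=secret
    auto=start

conn roadwarrior-psk
    left=192.0.2.1
    right=%any
    rightid=@laptop
    authby=secret
    auto=add

conn cert-based
    left=192.0.2.1
    right=203.0.113.5
    authby=rsasig
    auto=start
"""

SAMPLE_SECRETS = """\
# constructed secrets file
@hq @branch : PSK "not-a-real-key"
"""

if __name__ == "__main__":
    for name in find_unmatched_psk_conns(SAMPLE_CONF, SAMPLE_SECRETS):
        print(f"conn {name}: authby=secret, auto-loaded, no matching PSK")
```

Run against the constructed sample it reports only roadwarrior-psk: branch-office is covered by the `@hq @branch` line and cert-based does not use PSK authentication. Any flagged connection is one where the unpatched daemon could hit the restart loop the advisory describes, so the remediation is to add the missing secret or set auto=ignore until the fixed package is installed.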