Control: tags -1 + patch

Hi Daniel,

On Sat, May 06, 2023 at 10:44:48PM +0200, Salvatore Bonaccorso wrote:
> Hi Daniel,
> 
> On Fri, May 05, 2023 at 10:17:59AM +0200, Salvatore Bonaccorso wrote:
> > Source: libreswan
> > Version: 4.10-2
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://github.com/libreswan/libreswan/issues/1039
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team 
> > <t...@security.debian.org>
> > 
> > Hi,
> > 
> > The following vulnerability was published for libreswan.
> > 
> > CVE-2023-30570[0]:
> > | Incorrect aggressive mode interaction causes the pluto daemon to
> > | crash
> > 
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > 
> > For further information see:
> > 
> > [0] https://security-tracker.debian.org/tracker/CVE-2023-30570
> >     https://www.cve.org/CVERecord?id=CVE-2023-30570
> > [1] https://github.com/libreswan/libreswan/issues/1039
> > 
> > Please adjust the affected versions in the BTS as needed.
> 
> Proposed changes at 
> https://salsa.debian.org/debian/libreswan/-/merge_requests/3
> 
> The primary goal here is to make sure the changes land in bookworm,
> not evaluated yet for bullseye, but at first glance it might warrant a
> DSA.

Attached as well is the corresponding debdiff (please double-check).

Regards,
Salvatore
diff -Nru libreswan-4.10/debian/changelog libreswan-4.10/debian/changelog
--- libreswan-4.10/debian/changelog     2023-03-10 22:34:25.000000000 +0100
+++ libreswan-4.10/debian/changelog     2023-05-06 22:34:50.000000000 +0200
@@ -1,3 +1,13 @@
+libreswan (4.10-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * ikev1: when larval request fails, send back zero responder SPI
+    (CVE-2023-30570) (Closes: #1035542)
+  * ikev1: start aggr mode responder in STATE_AGGR_R0 (CVE-2023-30570)
+    (Closes: #1035542)
+
+ -- Salvatore Bonaccorso <car...@debian.org>  Sat, 06 May 2023 22:34:50 +0200
+
 libreswan (4.10-2) unstable; urgency=medium
 
   * Reach NSPR mipsel workaround for #854472
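Review bot: the `(Closes: #1035542)` tag is repeated on both bullet items of the new 4.10-2.1 entry; the BTS only needs it once, and since both items address the same CVE they read better as one item that names the two cherry-picked upstream patches (0005 and 0006) followed by a single `(CVE-2023-30570) (Closes: #1035542)`. Nothing else in the entry needs changing.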
diff -Nru 
libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch
 
libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch
--- 
libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch
       1970-01-01 01:00:00.000000000 +0100
+++ 
libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch
       2023-05-06 22:34:50.000000000 +0200
@@ -0,0 +1,44 @@
+From: Andrew Cagney <cag...@gnu.org>
+Date: Fri, 24 Mar 2023 11:41:06 -0400
+Subject: ikev1: when larval request fails, send back zero responder SPI
+Origin: 
https://github.com/libreswan/libreswan/commit/a31bf33593e6a15bf1ad1b79ff6bb177a4d39f2c
+Bug-Debian: https://bugs.debian.org/1035542
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-30570
+
+This way, it is much harder for the intitiator to send a
+follow-up packet with a valid non-zero responder SPI.
+
+See #1039.
+---
+ programs/pluto/ikev1.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
+index e0615323edb3..dba622ae52ff 100644
+--- a/programs/pluto/ikev1.c
++++ b/programs/pluto/ikev1.c
+@@ -1101,10 +1101,20 @@ void process_v1_packet(struct msg_digest *md)
+       struct state *st = NULL;
+       enum state_kind from_state = STATE_UNDEFINED;   /* state we started in 
*/
+ 
++      /*
++       * For the initial responses, don't leak the responder's SPI.
++       * Hence the use of send_v1_notification_from_md().
++       *
++       * AGGR mode is a mess in that the R0->R1 transition happens
++       * well before the transition succeeds.
++       */
+ #define SEND_NOTIFICATION(t)                                          \
+       {                                                               \
+               pstats(ikev1_sent_notifies_e, t);                       \
+-              if (st != NULL)                                         \
++              if (st != NULL &&                                       \
++                  st->st_state->kind != STATE_AGGR_R0 &&              \
++                  st->st_state->kind != STATE_AGGR_R1 &&              \
++                  st->st_state->kind != STATE_MAIN_R0)                \
+                       send_v1_notification_from_state(st, from_state, t); \
+               else                                                    \
+                       send_v1_notification_from_md(md, t);            \
+-- 
+2.40.1
+
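Review bot: the inline copy of this patch file is line-wrapped by the mailer and would not apply as rendered: the `Origin:` header is split after `Origin: ` with the commit URL on its own line, and the trailing `/* state we started in */` comment in the `process_v1_packet()` context is broken across two lines. Please confirm the attached debdiff (not this quoted copy) is the one that gets uploaded, and that `quilt push -a` or `dpkg-source --before-build` applies 0005 cleanly on 4.10-2. On the change itself: the `SEND_NOTIFICATION` macro now routes `STATE_AGGR_R0`, `STATE_AGGR_R1` and `STATE_MAIN_R0` to `send_v1_notification_from_md()` alongside the existing `st == NULL` case, which is what keeps the responder SPI out of the early notifications; the three-state list is open-coded in the macro rather than derived from the state table, so a short comment saying these are exactly the larval responder states (and that the R1 entry exists because of the early R0->R1 transition the comment mentions, which 0006 changes) would help the next person who touches it.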
diff -Nru 
libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch
 
libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch
--- 
libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch
   1970-01-01 01:00:00.000000000 +0100
+++ 
libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch
   2023-05-06 22:34:50.000000000 +0200
@@ -0,0 +1,84 @@
+From: Andrew Cagney <cag...@gnu.org>
+Date: Fri, 24 Mar 2023 17:18:16 -0400
+Subject: ikev1: start aggr mode responder in STATE_AGGR_R0
+Origin: 
https://github.com/libreswan/libreswan/commit/f32feb1dd71e4a69636d9d7efbd1ff441acde9d6
+Bug-Debian: https://bugs.debian.org/1035542
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-30570
+
+not R1; and reject everything when in R0; see #1039
+---
+ programs/pluto/ikev1.c      | 28 ++++++++++++++++++++++++++--
+ programs/pluto/ikev1_aggr.c |  2 +-
+ 2 files changed, 27 insertions(+), 3 deletions(-)
+
+diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
+index dba622ae52ff..552bb902588a 100644
+--- a/programs/pluto/ikev1.c
++++ b/programs/pluto/ikev1.c
+@@ -1178,17 +1178,26 @@ void process_v1_packet(struct msg_digest *md)
+                       from_state = (md->hdr.isa_xchg == ISAKMP_XCHG_IDPROT ?
+                                     STATE_MAIN_R0 : STATE_AGGR_R0);
+               } else {
+-                      /* not an initial message */
++                      /*
++                       * Possibly not an initial message.  Possibly
++                       * from initiator.  Possibly from responder.
++                       *
++                       * Possibly.  Which is probably hopeless.
++                       */
+ 
+                       st = find_state_ikev1(&md->hdr.isa_ike_spis,
+                                             md->hdr.isa_msgid);
+ 
+                       if (st == NULL) {
+                               /*
+-                               * perhaps this is a first message
++                               * Perhaps this is a first message
+                                * from the responder and contains a
+                                * responder cookie that we've not yet
+                                * seen.
++                               *
++                               * Perhaps this is a random message
++                               * with a bogus non-zero responder IKE
++                               * SPI.
+                                */
+                               st = 
find_state_ikev1_init(&md->hdr.isa_ike_initiator_spi,
+                                                          md->hdr.isa_msgid);
+@@ -1199,6 +1208,21 @@ void process_v1_packet(struct msg_digest *md)
+                                       /* XXX Could send notification back */
+                                       return;
+                               }
++                              if (st->st_state->kind == STATE_AGGR_R0) {
++                                      /*
++                                       * The only way for this to
++                                       * happen is for the attacker
++                                       * to guess the responder's
++                                       * IKE SPI that hasn't been
++                                       * sent over the wire?
++                                       *
++                                       * Well that or played 1/2^32
++                                       * odds.
++                                       */
++                                      llog_pexpect(md->md_logger, HERE,
++                                                   "phase 1 message matching 
AGGR_R0 state");
++                                      return;
++                              }
+                       }
+                       from_state = st->st_state->kind;
+               }
+diff --git a/programs/pluto/ikev1_aggr.c b/programs/pluto/ikev1_aggr.c
+index 42cc783d1535..87be80cb6c8d 100644
+--- a/programs/pluto/ikev1_aggr.c
++++ b/programs/pluto/ikev1_aggr.c
+@@ -169,7 +169,7 @@ stf_status aggr_inI1_outR1(struct state *null_st UNUSED,
+       /* Set up state */
+       struct ike_sa *ike = new_v1_rstate(c, md);
+       md->v1_st = &ike->sa;  /* (caller will reset cur_state) */
+-      change_v1_state(&ike->sa, STATE_AGGR_R1);
++      change_v1_state(&ike->sa, STATE_AGGR_R0);
+ 
+       /*
+        * Warn when peer is expected to use especially dangerous
+-- 
+2.40.1
+
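Review bot: the new `STATE_AGGR_R0` rejection is placed inside the `if (st == NULL)` block, i.e. it only covers the `find_state_ikev1_init()` fallback that matches on the initiator SPI alone, while a packet whose SPI pair matches is found by `find_state_ikev1()` at the top of the hunk and falls through to `from_state = st->st_state->kind;` with `from_state == STATE_AGGR_R0`. Since the patch description says "reject everything when in R0", please confirm that the IKEv1 state table has no transition out of `STATE_AGGR_R0` for a non-initial message, so that path is refused by the table lookup rather than reaching the crash that CVE-2023-30570 describes; with `aggr_inI1_outR1()` now leaving the SA in `STATE_AGGR_R0`, the move to `STATE_AGGR_R1` must happen on the success path, which this diff does not show. Two smaller points: `llog_pexpect()` reports an internal "expectation failed" condition, but the comment itself says a peer can trigger this branch by chance, so a plain log line would be more accurate and less alarming in the pluto log; and the same mailer wrapping as in 0005 has split the `find_state_ikev1_init(` call and the `"phase 1 message matching AGGR_R0 state"` string across two lines in this quoted copy.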
diff -Nru libreswan-4.10/debian/patches/series 
libreswan-4.10/debian/patches/series
--- libreswan-4.10/debian/patches/series        2023-03-10 22:33:43.000000000 
+0100
+++ libreswan-4.10/debian/patches/series        2023-05-06 22:34:50.000000000 
+0200
@@ -2,3 +2,5 @@
 0002-debian-pam.d-pluto.patch
 0004-ikev1-policy-defaults-to-drop.patch
 0004-Include-features.h-to-enable-NSPR-workaround-for-854.patch
+0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch
+0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch
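Review bot: the order here is required, not cosmetic: 0006's `index dba622ae52ff..552bb902588a` for `programs/pluto/ikev1.c` expects the blob that 0005 produces (`e0615323edb3..dba622ae52ff`), so 0005 must stay ahead of 0006 in the series; the two new entries satisfy that. The duplicated `0004-` prefix on the two pre-existing patches is unchanged context and not something this upload needs to touch.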
