Control: tags -1 + patch

Hi Daniel,

On Sat, May 06, 2023 at 10:44:48PM +0200, Salvatore Bonaccorso wrote:
> Hi Daniel,
>
> On Fri, May 05, 2023 at 10:17:59AM +0200, Salvatore Bonaccorso wrote:
> > Source: libreswan
> > Version: 4.10-2
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://github.com/libreswan/libreswan/issues/1039
> > X-Debbugs-Cc: car...@debian.org, Debian Security Team
> > <t...@security.debian.org>
> >
> > Hi,
> >
> > The following vulnerability was published for libreswan.
> >
> > CVE-2023-30570[0]:
> > | Incorrect aggressive mode interaction causes the pluto daemon to
> > | crash
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2023-30570
> >     https://www.cve.org/CVERecord?id=CVE-2023-30570
> > [1] https://github.com/libreswan/libreswan/issues/1039
> >
> > Please adjust the affected versions in the BTS as needed.
>
> Proposed changes at
> https://salsa.debian.org/debian/libreswan/-/merge_requests/3
>
> The primary goal here is to make sure the changes land in bookworm,
> not evaluated yet for bullseye, but at first glance it might warrant a
> DSA.

Attached as well the corresponding debdiff (please double-check).

Regards,
Salvatore
diff -Nru libreswan-4.10/debian/changelog libreswan-4.10/debian/changelog --- libreswan-4.10/debian/changelog 2023-03-10 22:34:25.000000000 +0100 +++ libreswan-4.10/debian/changelog 2023-05-06 22:34:50.000000000 +0200 @@ -1,3 +1,13 @@ +libreswan (4.10-2.1) unstable; urgency=medium + + * Non-maintainer upload. + * ikev1: when larval request fails, send back zero responder SPI + (CVE-2023-30570) (Closes: #1035542) + * ikev1: start aggr mode responder in STATE_AGGR_R0 (CVE-2023-30570) + (Closes: #1035542) + + -- Salvatore Bonaccorso <car...@debian.org> Sat, 06 May 2023 22:34:50 +0200 + libreswan (4.10-2) unstable; urgency=medium * Reach NSPR mipsel workaround for #854472 diff -Nru libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch --- libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch 1970-01-01 01:00:00.000000000 +0100 +++ libreswan-4.10/debian/patches/0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch 2023-05-06 22:34:50.000000000 +0200 
@@ -0,0 +1,44 @@ +From: Andrew Cagney <cag...@gnu.org> +Date: Fri, 24 Mar 2023 11:41:06 -0400 +Subject: ikev1: when larval request fails, send back zero responder SPI +Origin: https://github.com/libreswan/libreswan/commit/a31bf33593e6a15bf1ad1b79ff6bb177a4d39f2c +Bug-Debian: https://bugs.debian.org/1035542 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-30570 + +This way, it is much harder for the intitiator to send a +follow-up packet with a valid non-zero responder SPI. + +See #1039. +--- + programs/pluto/ikev1.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c +index e0615323edb3..dba622ae52ff 100644 +--- a/programs/pluto/ikev1.c ++++ b/programs/pluto/ikev1.c +@@ -1101,10 +1101,20 @@ void process_v1_packet(struct msg_digest *md) + struct state *st = NULL; + enum state_kind from_state = STATE_UNDEFINED; /* state we started in */ + ++ /* ++ * For the initial responses, don't leak the responder's SPI. ++ * Hence the use of send_v1_notification_from_md(). ++ * ++ * AGGR mode is a mess in that the R0->R1 transition happens ++ * well before the transition succeeds. 
++ */ + #define SEND_NOTIFICATION(t) \ + { \ + pstats(ikev1_sent_notifies_e, t); \ +- if (st != NULL) \ ++ if (st != NULL && \ ++ st->st_state->kind != STATE_AGGR_R0 && \ ++ st->st_state->kind != STATE_AGGR_R1 && \ ++ st->st_state->kind != STATE_MAIN_R0) \ + send_v1_notification_from_state(st, from_state, t); \ + else \ + send_v1_notification_from_md(md, t); \ +-- +2.40.1 + diff -Nru libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch --- libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch 1970-01-01 01:00:00.000000000 +0100 +++ libreswan-4.10/debian/patches/0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch 2023-05-06 22:34:50.000000000 +0200 
@@ -0,0 +1,84 @@ +From: Andrew Cagney <cag...@gnu.org> +Date: Fri, 24 Mar 2023 17:18:16 -0400 +Subject: ikev1: start aggr mode responder in STATE_AGGR_R0 +Origin: https://github.com/libreswan/libreswan/commit/f32feb1dd71e4a69636d9d7efbd1ff441acde9d6 +Bug-Debian: https://bugs.debian.org/1035542 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2023-30570 + +not R1; and reject everything when in R0; see #1039 +--- + programs/pluto/ikev1.c | 28 ++++++++++++++++++++++++++-- + programs/pluto/ikev1_aggr.c | 2 +- + 2 files changed, 27 insertions(+), 3 deletions(-) + +diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c +index dba622ae52ff..552bb902588a 100644 +--- a/programs/pluto/ikev1.c ++++ b/programs/pluto/ikev1.c +@@ -1178,17 +1178,26 @@ void process_v1_packet(struct msg_digest *md) + from_state = (md->hdr.isa_xchg == ISAKMP_XCHG_IDPROT ? + STATE_MAIN_R0 : STATE_AGGR_R0); + } else { +- /* not an initial message */ ++ /* ++ * Possibly not an initial message. Possibly ++ * from initiator. Possibly from responder. ++ * ++ * Possibly. Which is probably hopeless. ++ */ + + st = find_state_ikev1(&md->hdr.isa_ike_spis, + md->hdr.isa_msgid); + + if (st == NULL) { + /* +- * perhaps this is a first message ++ * Perhaps this is a first message + * from the responder and contains a + * responder cookie that we've not yet + * seen. ++ * ++ * Perhaps this is a random message ++ * with a bogus non-zero responder IKE ++ * SPI. + */ + st = find_state_ikev1_init(&md->hdr.isa_ike_initiator_spi, + md->hdr.isa_msgid); +@@ -1199,6 +1208,21 @@ void process_v1_packet(struct msg_digest *md) + /* XXX Could send notification back */ + return; + } ++ if (st->st_state->kind == STATE_AGGR_R0) { ++ /* ++ * The only way for this to ++ * happen is for the attacker ++ * to guess the responder's ++ * IKE SPI that hasn't been ++ * sent over the wire? ++ * ++ * Well that or played 1/2^32 ++ * odds. 
++ */ ++ llog_pexpect(md->md_logger, HERE, ++ "phase 1 message matching AGGR_R0 state"); ++ return; ++ } + } + from_state = st->st_state->kind; + } +diff --git a/programs/pluto/ikev1_aggr.c b/programs/pluto/ikev1_aggr.c +index 42cc783d1535..87be80cb6c8d 100644 +--- a/programs/pluto/ikev1_aggr.c ++++ b/programs/pluto/ikev1_aggr.c +@@ -169,7 +169,7 @@ stf_status aggr_inI1_outR1(struct state *null_st UNUSED, + /* Set up state */ + struct ike_sa *ike = new_v1_rstate(c, md); + md->v1_st = &ike->sa; /* (caller will reset cur_state) */ +- change_v1_state(&ike->sa, STATE_AGGR_R1); ++ change_v1_state(&ike->sa, STATE_AGGR_R0); + + /* + * Warn when peer is expected to use especially dangerous +-- +2.40.1 + diff -Nru libreswan-4.10/debian/patches/series libreswan-4.10/debian/patches/series --- libreswan-4.10/debian/patches/series 2023-03-10 22:33:43.000000000 +0100 +++ libreswan-4.10/debian/patches/series 2023-05-06 22:34:50.000000000 +0200 @@ -2,3 +2,5 @@ 0002-debian-pam.d-pluto.patch 0004-ikev1-policy-defaults-to-drop.patch 0004-Include-features.h-to-enable-NSPR-workaround-for-854.patch +0005-ikev1-when-larval-request-fails-send-back-zero-respo.patch +0006-ikev1-start-aggr-mode-responder-in-STATE_AGGR_R0.patch
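Review bot: the guard added to SEND_NOTIFICATION in the ikev1.c hunk of 0005 lists STATE_AGGR_R0, STATE_AGGR_R1 and STATE_MAIN_R0 but not STATE_MAIN_R1, while the new comment above it only explains the aggressive-mode case; add one line saying why a main-mode responder in R1 may already answer from state (presumably because it only reaches R1 once its reply, and with it the responder SPI, has gone out), so the next reader does not have to re-derive the asymmetry. Minor and pre-existing: the macro body is a bare `{ ... }` rather than `do { ... } while (0)`; not worth touching in an NMU.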
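Review bot: the new `if (st->st_state->kind == STATE_AGGR_R0)` check in the second ikev1.c hunk of 0006 sits inside the `if (st == NULL)` fallback, so it only covers a state found by `find_state_ikev1_init()` on the initiator SPI; a packet that already matched the earlier `find_state_ikev1(&md->hdr.isa_ike_spis, ...)` lookup, i.e. one carrying the correct but never-sent responder SPI, reaches `from_state = st->st_state->kind;` with an AGGR_R0 state untouched. That is exactly the "played 1/2^32 odds" case the comment names but does not reject; moving the check to just after the closing brace of the `if (st == NULL)` block would cover both lookups with no other change. The `llog_pexpect()` line is also a useful log hook for spotting this kind of probing on a responder.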
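Review bot: with `change_v1_state(&ike->sa, STATE_AGGR_R0)` the aggressive-mode responder now starts in R0, but the ikev1_aggr.c hunk shows no matching R0->R1 transition; please confirm that the state machine moves the SA to STATE_AGGR_R1 once aggr_inI1_outR1() completes successfully, otherwise the SEND_NOTIFICATION guard from 0005 keeps answering from md for the rest of the exchange. A sentence to that effect in the DEP-3 description, which currently reads only "not R1; and reject everything when in R0", would make the bullseye backport easier to verify.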
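Review bot: ordering in series is load-bearing: the ikev1.c hunk in 0006 is based on blob dba622ae52ff, which is the post-image of 0005 (`index e0615323edb3..dba622ae52ff`), so 0005 must stay listed before 0006 as it is here. Unrelated and pre-existing: two entries already share the 0004 prefix (0004-ikev1-policy-defaults-to-drop.patch and 0004-Include-features.h-...); worth renumbering in a maintainer upload, not in this NMU.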