Debian Bug report logs - #531612
[SA35296] strongSwan Two Denial of Service Vulnerabilities

version graph

Package: strongswan; Maintainer for strongswan is strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>; Source for strongswan is src:strongswan.

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Tue, 2 Jun 2009 18:39:01 UTC

Severity: serious

Tags: patch, security

Fixed in versions strongswan/4.2.14-1.1, strongswan/4.3.2-1

Done: Rene Mayrhofer <rmayr@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Rene Mayrhofer <rmayr@debian.org>:
Bug#531612; Package strongswan. (Tue, 02 Jun 2009 18:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Rene Mayrhofer <rmayr@debian.org>. (Tue, 02 Jun 2009 18:39:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: [SA35296] strongSwan Two Denial of Service Vulnerabilities
Date: Tue, 02 Jun 2009 20:35:51 +0200
Package: strongswan
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

The following SA (Secunia Advisory) id was published for strongswan:

SA35296[1]:

> DESCRIPTION:
> Two vulnerabilities have been reported in strongSwan, which can be
> exploited by malicious people to cause a DoS (Denial of Service).
> 
> 1) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via specially crafted
> IKE_SA_INIT and CREATE_CHILD_SA requests.
> 
> 2) An error in the IKEv2 charon daemon can be exploited to trigger a
> NULL pointer dereference and cause a crash via an IKE_AUTH request
> missing a TSi or TSr payload.
> 
> The vulnerabilities are reported in versions 4.1.0 through 4.3.0.
> 
> SOLUTION:
> Update to version 4.3.1 or 4.2.15, or apply patches:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/
> 
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
> 
> ORIGINAL ADVISORY:
> http://download.strongswan.org/patches/03_invalid_ike_state_patch/strongswan-4.x.x_invalid_ike_state.readme
> http://download.strongswan.org/patches/04_swapped_ts_check_patch/strongswan-4.x.x._swapped_ts_check.readme


If you fix the vulnerability please also make sure to include the CVE id
(if will be available) in the changelog entry.


[1]http://secunia.com/advisories/35296/

Patches: http://download.strongswan.org/patches/03_invalid_ike_state_patch/
	 http://download.strongswan.org/patches/04_swapped_ts_check_patch/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkolcP4ACgkQNxpp46476aouWQCghzO5oD+VYA2hj8US61W2sOCy
pZkAn0GJ0MZ77UHYSVy4Zg/TrtHG1ERA
=0tLy
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Rene Mayrhofer <rmayr@debian.org>:
Bug#531612; Package strongswan. (Mon, 15 Jun 2009 11:30:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Rene Mayrhofer <rmayr@debian.org>. (Mon, 15 Jun 2009 11:30:06 GMT) Full text and rfc822 format available.

Message #10 received at 531612@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 531612@bugs.debian.org
Subject: intent to NMU
Date: Mon, 15 Jun 2009 13:24:10 +0200
[Message part 1 (text/plain, inline)]
Hi,
attached is a patch for a 0-day NMU I am going to upload to 
fix this issue.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[strongswan-4.2.14-1_4.2.14-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Rene Mayrhofer <rmayr@debian.org>:
Bug#531612; Package strongswan. (Mon, 15 Jun 2009 11:30:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Rene Mayrhofer <rmayr@debian.org>. (Mon, 15 Jun 2009 11:30:07 GMT) Full text and rfc822 format available.

Message #15 received at 531612@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 531612@bugs.debian.org
Subject: intent to NMU
Date: Mon, 15 Jun 2009 13:25:19 +0200
[Message part 1 (text/plain, inline)]
Hi,
attached is a patch for a 0-day NMU I'm going to upload to 
fix this issue.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[strongswan-4.2.14-1_4.2.14-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Mon, 15 Jun 2009 11:36:05 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Mon, 15 Jun 2009 11:36:06 GMT) Full text and rfc822 format available.

Message #20 received at 531612-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 531612-close@bugs.debian.org
Subject: Bug#531612: fixed in strongswan 4.2.14-1.1
Date: Mon, 15 Jun 2009 11:32:10 +0000
Source: strongswan
Source-Version: 4.2.14-1.1

We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive:

libstrongswan_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/libstrongswan_4.2.14-1.1_amd64.deb
strongswan-ikev1_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-ikev1_4.2.14-1.1_amd64.deb
strongswan-ikev2_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-ikev2_4.2.14-1.1_amd64.deb
strongswan-nm_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-nm_4.2.14-1.1_amd64.deb
strongswan-starter_4.2.14-1.1_amd64.deb
  to pool/main/s/strongswan/strongswan-starter_4.2.14-1.1_amd64.deb
strongswan_4.2.14-1.1.diff.gz
  to pool/main/s/strongswan/strongswan_4.2.14-1.1.diff.gz
strongswan_4.2.14-1.1.dsc
  to pool/main/s/strongswan/strongswan_4.2.14-1.1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 531612@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 15 Jun 2009 13:06:05 +0200
Source: strongswan
Binary: strongswan libstrongswan strongswan-starter strongswan-ikev1 strongswan-ikev2 strongswan-nm
Architecture: source amd64
Version: 4.2.14-1.1
Distribution: unstable
Urgency: high
Maintainer: Rene Mayrhofer <rmayr@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 libstrongswan - strongSwan utility and crypto library
 strongswan - IPsec VPN solution metapackage
 strongswan-ikev1 - strongSwan IKEv1 keying daemon
 strongswan-ikev2 - strongSwan IKEv2 keying daemon
 strongswan-nm - strongSwan plugin to interact with NetworkManager
 strongswan-starter - strongSwan daemon starter and configuration file parser
Closes: 531612
Changes: 
 strongswan (4.2.14-1.1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix two possible null pointer dereferences leading to denial
     of service via crafted IKE_SA_INIT, CREATE_CHILD_SA or
     IKE_AUTH request (CVE-2009-1957; CVE-2009-1958; Closes: #531612).
Checksums-Sha1: 
 ea2c805150ec7b20e8b868dca77c3b252ff016da 1502 strongswan_4.2.14-1.1.dsc
 f21d0eaae8e4e12ffc95104225de78cf955a84a1 60089 strongswan_4.2.14-1.1.diff.gz
 f47312c23c055e64a35cca6c209a21c992c01175 174264 libstrongswan_4.2.14-1.1_amd64.deb
 2436f369b4c13d0354dbbfa93928e06d66b6a80f 306756 strongswan-starter_4.2.14-1.1_amd64.deb
 ba4102f03583fb858c95d5154879b690b8c76a9c 440100 strongswan-ikev1_4.2.14-1.1_amd64.deb
 1bd9ea72963cfe20756159f4fc5f27da3a4f22e7 252434 strongswan-ikev2_4.2.14-1.1_amd64.deb
 22355de548495c5416d32f14e2e565e2b6a773fb 41796 strongswan-nm_4.2.14-1.1_amd64.deb
Checksums-Sha256: 
 92b7d1d588e89b293c1ebe1b61b8877c0fdad48322b7f9870513f04bf55d65e1 1502 strongswan_4.2.14-1.1.dsc
 0846c4f85e0d7eff839d41a79fb075075f7ffc7f463e6868d4dfefd1f3e07140 60089 strongswan_4.2.14-1.1.diff.gz
 a8557968f338f745a28b13383427b0d255c2ad00a05bdb586dd781ef07d8d283 174264 libstrongswan_4.2.14-1.1_amd64.deb
 2bd47f134be9a3c176847850fccc5f5f465cb64863c3ee67903275e429c67626 306756 strongswan-starter_4.2.14-1.1_amd64.deb
 ab4a33059119e7b1b9efa45caf23606b6d1437ef0dee76c665603f956f3e1860 440100 strongswan-ikev1_4.2.14-1.1_amd64.deb
 7be28cca72dfa2b637d8586070eac49f1ff21fbb2acc08da2da73b19d5993a53 252434 strongswan-ikev2_4.2.14-1.1_amd64.deb
 749633cd0ac08b1acb3e017ec8ab2c8c5613fdf125edfff61638380fc04ae516 41796 strongswan-nm_4.2.14-1.1_amd64.deb
Files: 
 2ca0928a814515d1fbfd58c03817aafe 1502 net optional strongswan_4.2.14-1.1.dsc
 98db5ebbc42d17847943407a9c288ced 60089 net optional strongswan_4.2.14-1.1.diff.gz
 e23342a055eec3bc8fa3a2686973c1f5 174264 net optional libstrongswan_4.2.14-1.1_amd64.deb
 2d6e9ed11afc46be48b15b7935ba1403 306756 net optional strongswan-starter_4.2.14-1.1_amd64.deb
 d388d140f55ce4acd1fc301a9deadaf0 440100 net optional strongswan-ikev1_4.2.14-1.1_amd64.deb
 b2a488da2e4342bfa03c6ba2dadc9ccd 252434 net optional strongswan-ikev2_4.2.14-1.1_amd64.deb
 2d07ead3bcdfa9b6c55501a90292ac40 41796 net optional strongswan-nm_4.2.14-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAko2L2IACgkQHYflSXNkfP+sdgCfaPdd77M03RHEsuBEouQ/bg4s
P9gAnjBjfnr5CzcIt3P48rAwF/TaAFhZ
=sRPM
-----END PGP SIGNATURE-----





Reply sent to Rene Mayrhofer <rmayr@debian.org>:
You have taken responsibility. (Wed, 24 Jun 2009 09:27:40 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Wed, 24 Jun 2009 09:27:40 GMT) Full text and rfc822 format available.

Message #25 received at 531612-close@bugs.debian.org (full text, mbox):

From: Rene Mayrhofer <rmayr@debian.org>
To: 531612-close@bugs.debian.org
Subject: Bug#531612: fixed in strongswan 4.3.2-1
Date: Wed, 24 Jun 2009 09:20:57 +0000
Source: strongswan
Source-Version: 4.3.2-1

We believe that the bug you reported is fixed in the latest version of
strongswan, which is due to be installed in the Debian FTP archive:

libstrongswan_4.3.2-1_i386.deb
  to pool/main/s/strongswan/libstrongswan_4.3.2-1_i386.deb
strongswan-ikev1_4.3.2-1_i386.deb
  to pool/main/s/strongswan/strongswan-ikev1_4.3.2-1_i386.deb
strongswan-ikev2_4.3.2-1_i386.deb
  to pool/main/s/strongswan/strongswan-ikev2_4.3.2-1_i386.deb
strongswan-nm_4.3.2-1_i386.deb
  to pool/main/s/strongswan/strongswan-nm_4.3.2-1_i386.deb
strongswan-starter_4.3.2-1_i386.deb
  to pool/main/s/strongswan/strongswan-starter_4.3.2-1_i386.deb
strongswan_4.3.2-1.diff.gz
  to pool/main/s/strongswan/strongswan_4.3.2-1.diff.gz
strongswan_4.3.2-1.dsc
  to pool/main/s/strongswan/strongswan_4.3.2-1.dsc
strongswan_4.3.2.orig.tar.gz
  to pool/main/s/strongswan/strongswan_4.3.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 531612@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Mayrhofer <rmayr@debian.org> (supplier of updated strongswan package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 18 Apr 2009 20:28:51 +0200
Source: strongswan
Binary: strongswan libstrongswan strongswan-starter strongswan-ikev1 strongswan-ikev2 strongswan-nm
Architecture: source i386
Version: 4.3.2-1
Distribution: unstable
Urgency: HIGH
Maintainer: Rene Mayrhofer <rmayr@debian.org>
Changed-By: Rene Mayrhofer <rmayr@debian.org>
Description: 
 libstrongswan - strongSwan utility and crypto library
 strongswan - IPsec VPN solution metapackage
 strongswan-ikev1 - strongSwan Internet Key Exchange (v1) daemon
 strongswan-ikev2 - strongSwan Internet Key Exchange (v2) daemon
 strongswan-nm - strongSwan plugin to interact with NetworkManager
 strongswan-starter - strongSwan daemon starter and configuration file parser
Closes: 525234 525652 526037 526486 526487 526488 528073 528323 528370 529027 529063 529071 529592 529638 529661 529742 530273 531612 533837
Changes: 
 strongswan (4.3.2-1) unstable; urgency=HIGH
 .
   Urgency high because of security issue and FTBFS.
   * New upstream release, fixes security bug.
   * Fix padlock handling for i386 in debian/rules.
     Closes: #525652 (FTBFS on i386)
   * Acknowledge NMUs by security team.
     Closes: #533837, #531612
   * Add "Conflicts: strongswan (< 4.2.12-1)" to libstrongswan,
     strongswan-starter, strongswan-ikev1, and strongswan-ikev2 to force
     update of the strongswan package on installation and avoid conflicts
     caused by package restructuring.
     Closes: #526037: strongswan-ikev2 and strongswan: error when trying to
                      install together
     Closes: #526486: strongswan and libstrongswan: error when trying to
                      install together
     Closes: #526487: strongswan-ikev1 and strongswan: error when trying to
                      install together
     Closes: #526488: strongswan-starter and strongswan: error when trying to
                      install together
   * Debconf templates and debian/control reviewed by the debian-l10n-
     english team as part of the Smith review project. Closes: #528073
   * Debconf translation updates:
     Closes: #525234: [INTL:ja] Update po-debconf template translation (ja.po)
     Closes: #528323: [INTL:sv] po-debconf file for strongswan
     Closes: #528370: [INTL:vi] Vietnamese debconf templates translation update
     Closes: #529027: [INTL:pt] Updated Portuguese translation for debconf messages
     Closes: #529071: [INTL:fr] French debconf templates translation update
     Closes: #529592: nb translation of debconf PO for strongSWAN
     Closes: #529638: [INTL:ru] Russian debconf templates translation
     Closes: #529661: Updated Czech translation of strongswan debconf messages
     Closes: #529742: [INTL:eu] strongswan debconf basque translation
     Closes: #530273: [INTL:fi] Finnish translation of the debconf templates
     Closes: #529063: [INTL:gl] strongswan 4.2.14-2 debconf translation update
Checksums-Sha1: 
 f2512185664e43d6e17107b825b6fdc7b39a87c1 1487 strongswan_4.3.2-1.dsc
 a01ef1adc4ff82b2f3673cbea9dbe497ef61b33c 3541466 strongswan_4.3.2.orig.tar.gz
 6338406111afb3f59607ddaea485f3c1ad1c59b5 78372 strongswan_4.3.2-1.diff.gz
 dc420ad41d4129e7930db01be88670a43d2d9dcf 170386 libstrongswan_4.3.2-1_i386.deb
 3c2f22459c2c7fe1763545e34cd7b2d73deb9508 266028 strongswan-starter_4.3.2-1_i386.deb
 8a54ab9bea3b78b93397c45657755f9799f6b4d6 331536 strongswan-ikev1_4.3.2-1_i386.deb
 09fc51b19d756ad063d1214e85b10d2a40129ceb 225718 strongswan-ikev2_4.3.2-1_i386.deb
 638563070a1cc9c201b69732e3340b987ed08d95 43796 strongswan-nm_4.3.2-1_i386.deb
Checksums-Sha256: 
 34ca69ffd71ff9b80032d5d5aeb2d614ca914b682174e2178670f8fdb043a6e1 1487 strongswan_4.3.2-1.dsc
 6ca31f8d6b3f50b6d255af1fb567664abd41e9fe028ac84bbc5ab1085ae7db5f 3541466 strongswan_4.3.2.orig.tar.gz
 e284d738ac25634535a5203ba66356b3709c9978f8bc4159dd5695a931ef4340 78372 strongswan_4.3.2-1.diff.gz
 7d0fd8fee14ad9e19a44c5a2345f10388add7a4151ba5ba1cf0b20b93764daef 170386 libstrongswan_4.3.2-1_i386.deb
 8821b2a5f54c4ae0ca57598d4978b2593d5e380e0325cefbaf1629a95817b17a 266028 strongswan-starter_4.3.2-1_i386.deb
 803c53ab4100b8d8dfbba3240e3186402dfa1f8a01846e46adbb861129ebb162 331536 strongswan-ikev1_4.3.2-1_i386.deb
 b92ad1e5cdc13b33840106f9eaea7a0cc90970f756a17f053dede8715f5b5d71 225718 strongswan-ikev2_4.3.2-1_i386.deb
 d9ce457310e45c1c4ca0a5f9cf77f579eb11c132899313f44551b6b7bf8ffbab 43796 strongswan-nm_4.3.2-1_i386.deb
Files: 
 e3941351431fe4253b7a8d163966d58d 1487 net optional strongswan_4.3.2-1.dsc
 bc2584a0811e0de9737836a4602146d2 3541466 net optional strongswan_4.3.2.orig.tar.gz
 f636c349e51f481876424469bd76f640 78372 net optional strongswan_4.3.2-1.diff.gz
 6bc4ca52b9e56c90ebf1f0ca6a0a60ff 170386 net optional libstrongswan_4.3.2-1_i386.deb
 4e70a71df3c62623f2bd0530865bc3f2 266028 net optional strongswan-starter_4.3.2-1_i386.deb
 8cefa4e70aaa86eff409cc39992d92b8 331536 net optional strongswan-ikev1_4.3.2-1_i386.deb
 30458ff637f4c477b28d373c6cf30246 225718 net optional strongswan-ikev2_4.3.2-1_i386.deb
 4a47bb10be9e4ab4b6bd9fa7d10510dd 43796 net optional strongswan-nm_4.3.2-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpB31UACgkQq7SPDcPCS95MPgCcDzFKgDbWAYv16S738Xlcdh+6
9n4AoMtywo2aTzDPshw0mLANd2LcOk6n
=yNOR
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 12 Sep 2009 07:29:34 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 18:51:14 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.