ID CVE-2019-12312
Summary In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.
References
Vulnerable Configurations
  • cpe:2.3:a:libreswan:libreswan:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.4:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.11:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.12:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.16:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.18:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.19:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.20:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.21:-:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.21:-:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.21:rc1:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.21:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.21:rc2:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.21:rc2:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.21:rc4:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.21:rc4:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.21:rc5:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.21:rc5:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.23:-:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.23:-:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.23:rc1:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.23:rc1:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.23:rc3:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.23:rc3:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.23:rc4:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.23:rc4:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.25:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.26:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:libreswan:libreswan:3.27:*:*:*:*:*:*:*
    cpe:2.3:a:libreswan:libreswan:3.27:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1723957
title libreswan is missing linux audit calls for failed IKE SAs and failed IPsec SAs required for Common Criteria
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment libreswan is earlier than 0:3.29-6.el8
          oval oval:com.redhat.rhsa:tst:20193391001
        • comment libreswan is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20151154002
      • AND
        • comment libreswan-debugsource is earlier than 0:3.29-6.el8
          oval oval:com.redhat.rhsa:tst:20193391003
        • comment libreswan-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20193391004
rhsa
id RHSA-2019:3391
released 2019-11-05
severity Low
title RHSA-2019:3391: libreswan security and bug fix update (Low)
rpms
  • libreswan-0:3.29-6.el8
  • libreswan-debuginfo-0:3.29-6.el8
  • libreswan-debugsource-0:3.29-6.el8
refmap via4
confirm
misc
Last major update 24-08-2020 - 17:37
Published 24-05-2019 - 14:29
Last modified 24-08-2020 - 17:37
Back to Top