Vigil@nce: strongSwan, denials of service of IKE
June 2009 by Vigil@nce
An attacker can send malformed IKE queries in order to stop
strongSwan.
– Severity: 2/4
– Consequences: denial of service of service
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 02/06/2009
IMPACTED PRODUCTS
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The strongSwan product implements IPsec for Linux. The IKE
protocol is used to exchange cryptographic keys. The IKE
implementation of strongSwan is impacted by two vulnerabilities.
An attacker can send an IKE_SA_INIT (Security Association
Initialisation) query, and then a CREATE_CHILD_SA query, which
generates an invalid state and dereferences a NULL pointer.
[grav:2/4; CVE-2009-1957]
An attacker can send an IKE_AUTH query with no TSi/TSr (Traffic
Selector Initiator and Responder) data, which dereferences a NULL
pointer. [grav:2/4; CVE-2009-1958]
An attacker can therefore send malformed IKE queries in order to
stop strongSwan.
CHARACTERISTICS
– Identifiers: BID-35178, CVE-2009-1957, CVE-2009-1958,
VIGILANCE-VUL-8750
– Url: http://vigilance.fr/vulnerability/strongSwan-denials-of-service-of-IKE-8750