
Bug#774619: marked as done (unblock: strongswan/5.2.1-5)



Your message dated Mon, 5 Jan 2015 23:54:33 +0100
with message-id <20150105225433.GA25423@ugent.be>
and subject line Re: Bug#774619: unblock: strongswan/5.2.1-5
has caused the Debian Bug report #774619,
regarding unblock: strongswan/5.2.1-5
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
774619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774619
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package strongswan

Hi,

CVE-2014-9221 was recently fixed in strongSwan: it's a remote,
pre-authentication denial of service (it's possible to make the charon
daemon crash with an invalid field in the first IKE_SA_INIT packet).

A minimal fix has been uploaded already to unstable (as well as Wheezy).
Debdiff is attached, can you authorize it to migrate to Jessie?

Thanks in advance,
-- 
Yves-Alexis Perez

unblock strongswan/5.2.1-5

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (450, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru strongswan-5.2.1/debian/changelog strongswan-5.2.1/debian/changelog
--- strongswan-5.2.1/debian/changelog	2014-10-24 21:08:18.000000000 +0200
+++ strongswan-5.2.1/debian/changelog	2015-01-05 13:11:54.000000000 +0100
@@ -1,3 +1,11 @@
+strongswan (5.2.1-5) unstable; urgency=high
+
+  * debian/patches:
+    - debian/patches/CVE-2014-9221_modp_custom added, fix unauthenticated
+    denial of service in IKEv2 when using custom MODP value.
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Mon, 05 Jan 2015 13:11:51 +0100
+
 strongswan (5.2.1-4) unstable; urgency=medium
 
   * Give up on trying to run the test suite on !amd64, it now times out on
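Review bot: The changelog bullet names the new file as debian/patches/CVE-2014-9221_modp_custom, while the file added by this debdiff and the entry in debian/patches/series are both CVE-2014-9221_modp_custom.patch; use the full file name so the entry matches what is on disk. The phrase "when using custom MODP value" can also be read as requiring a locally configured custom group, whereas the upstream commit message describes the trigger as a received IKE_SA_INIT KE payload carrying DH group 1025; wording the bullet that way would describe the exposure more accurately.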
diff -Nru strongswan-5.2.1/debian/patches/CVE-2014-9221_modp_custom.patch strongswan-5.2.1/debian/patches/CVE-2014-9221_modp_custom.patch
--- strongswan-5.2.1/debian/patches/CVE-2014-9221_modp_custom.patch	1970-01-01 01:00:00.000000000 +0100
+++ strongswan-5.2.1/debian/patches/CVE-2014-9221_modp_custom.patch	2014-12-28 16:17:50.000000000 +0100
@@ -0,0 +1,165 @@
+From a78ecdd47509626711a13481f53696e01d4b8c62 Mon Sep 17 00:00:00 2001
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Mon, 1 Dec 2014 17:21:59 +0100
+Subject: [PATCH] crypto: Define MODP_CUSTOM outside of IKE DH range
+
+Before this fix it was possible to crash charon with an IKE_SA_INIT
+message containing a KE payload with DH group MODP_CUSTOM(1025).
+Defining MODP_CUSTOM outside of the two byte IKE DH identifier range
+prevents it from getting negotiated.
+
+Fixes CVE-2014-9221 in version 5.1.2 and newer.
+---
+ src/charon-tkm/src/tkm/tkm_diffie_hellman.c                   |  2 +-
+ src/libstrongswan/crypto/diffie_hellman.c                     | 11 ++++++-----
+ src/libstrongswan/crypto/diffie_hellman.h                     |  6 ++++--
+ src/libstrongswan/plugins/gcrypt/gcrypt_dh.c                  |  2 +-
+ src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c            |  2 +-
+ src/libstrongswan/plugins/ntru/ntru_ke.c                      |  2 +-
+ src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c    |  2 +-
+ src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c |  2 +-
+ src/libstrongswan/plugins/pkcs11/pkcs11_dh.c                  |  2 +-
+ 9 files changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+index 67db5e6d87d6..836e0b7f088d 100644
+--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
++++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+@@ -41,7 +41,7 @@ struct private_tkm_diffie_hellman_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+ 
+ 	/**
+ 	 * Diffie Hellman public value.
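Review bot: The change of the group field from u_int16_t to diffie_hellman_group_t, here and in the six other private structs edited the same way, is what keeps MODP_CUSTOM = 65536 from wrapping to 0 in a 16-bit field, yet the commit message only explains the enum move. Add a sentence to the message stating that the fields are widened for that reason, and confirm that no other u_int16_t variable holding a DH group remains on a path that can be handed MODP_CUSTOM.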
+diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
+index bada1c529951..ac106e9c4d45 100644
+--- a/src/libstrongswan/crypto/diffie_hellman.c
++++ b/src/libstrongswan/crypto/diffie_hellman.c
+@@ -42,15 +42,16 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT,
+ 	"ECP_256_BP",
+ 	"ECP_384_BP",
+ 	"ECP_512_BP");
+-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP,
+-	"MODP_NULL",
+-	"MODP_CUSTOM");
+-ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM,
++ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_512_BP,
++	"MODP_NULL");
++ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_NULL,
+ 	"NTRU_112",
+ 	"NTRU_128",
+ 	"NTRU_192",
+ 	"NTRU_256");
+-ENUM_END(diffie_hellman_group_names, NTRU_256_BIT);
++ENUM_NEXT(diffie_hellman_group_names, MODP_CUSTOM, MODP_CUSTOM, NTRU_256_BIT,
++	"MODP_CUSTOM");
++ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
+ 
+ 
+ /**
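Review bot: MODP_CUSTOM becomes the terminating range of the name table, and nothing in the source says it has to stay there. Each ENUM_NEXT names the previous range's last value as its final argument, so a DH group added later above NTRU_256_BIT must be inserted before the MODP_CUSTOM entry while ENUM_END keeps pointing at MODP_CUSTOM. A one-line comment above the new ENUM_NEXT saying that MODP_CUSTOM is internal-only and must remain the last entry would protect the chain from a future edit.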
+diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
+index 105db22f14d4..d5161d077bb2 100644
+--- a/src/libstrongswan/crypto/diffie_hellman.h
++++ b/src/libstrongswan/crypto/diffie_hellman.h
+@@ -63,12 +63,14 @@ enum diffie_hellman_group_t {
+ 	/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
+ 	MODP_NULL = 1024,
+ 	/** MODP group with custom generator/prime */
+-	MODP_CUSTOM = 1025,
+ 	/** Parameters defined by IEEE 1363.1, in PRIVATE USE */
+ 	NTRU_112_BIT = 1030,
+ 	NTRU_128_BIT = 1031,
+ 	NTRU_192_BIT = 1032,
+-	NTRU_256_BIT = 1033
++	NTRU_256_BIT = 1033,
++	/** internally used DH group with additional parameters g and p, outside
++	 * of PRIVATE USE (i.e. IKEv2 DH group range) so it can't be negotiated */
++	MODP_CUSTOM = 65536,
+ };
+ 
+ /**
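Review bot: The context line "/** MODP group with custom generator/prime */" is left behind when "MODP_CUSTOM = 1025," is removed, so it becomes an orphaned doc comment sitting directly above the NTRU comment. Delete it in the same change, since the new description is already attached to MODP_CUSTOM = 65536 at the end of the enum. The diffstat lists no test file either; a regression test that feeds an IKE_SA_INIT KE payload with DH group 1025 through the parser would pin the fix.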
+diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+index f418b941db86..299865da2e09 100644
+--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
++++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+@@ -35,7 +35,7 @@ struct private_gcrypt_dh_t {
+ 	/**
+ 	 * Diffie Hellman group number
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+ 
+ 	/*
+ 	 * Generator value
+diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+index b74d35169f44..9936f7e4518f 100644
+--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
++++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+@@ -42,7 +42,7 @@ struct private_gmp_diffie_hellman_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+ 
+ 	/*
+ 	 * Generator value.
+diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c
+index abaa22336221..e64f32b91d0e 100644
+--- a/src/libstrongswan/plugins/ntru/ntru_ke.c
++++ b/src/libstrongswan/plugins/ntru/ntru_ke.c
+@@ -56,7 +56,7 @@ struct private_ntru_ke_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+ 
+ 	/**
+ 	 * NTRU Parameter Set
+diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+index ff3382473666..1e68ac59b838 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+@@ -38,7 +38,7 @@ struct private_openssl_diffie_hellman_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+ 
+ 	/**
+ 	 * Diffie Hellman object
+diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+index b487d59a59a3..50853d6f0bde 100644
+--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
++++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+@@ -40,7 +40,7 @@ struct private_openssl_ec_diffie_hellman_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+ 
+ 	/**
+ 	 * EC private (public) key
+diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+index 36cc284bf2b5..23b63d2386af 100644
+--- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
++++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
+@@ -47,7 +47,7 @@ struct private_pkcs11_dh_t {
+ 	/**
+ 	 * Diffie Hellman group number.
+ 	 */
+-	u_int16_t group;
++	diffie_hellman_group_t group;
+ 
+ 	/**
+ 	 * Handle for own private value
+-- 
+1.9.1
+
+
diff -Nru strongswan-5.2.1/debian/patches/series strongswan-5.2.1/debian/patches/series
--- strongswan-5.2.1/debian/patches/series	2014-10-23 18:07:52.000000000 +0200
+++ strongswan-5.2.1/debian/patches/series	2014-12-28 16:17:34.000000000 +0100
@@ -2,3 +2,4 @@
 02_chunk-endianness.patch
 03_systemd-service.patch
 04_disable-libtls-tests.patch
+CVE-2014-9221_modp_custom.patch
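Review bot: The new series entry drops the numeric prefix that the entries above it use (02_, 03_, 04_). Naming the file with the next number in that scheme, followed by the CVE identifier, would keep the series listing consistent and make the apply order obvious from the file names.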

--- End Message ---
--- Begin Message ---
Hi,

On Mon, Jan 05, 2015 at 01:24:39PM +0100, Yves-Alexis Perez wrote:
> Please unblock package strongswan

Unblocked.

Cheers,

Ivo

--- End Message ---
