Vulnerabilities > CVE-2013-4564 - Numeric Errors vulnerability in Libreswan 3.6

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
libreswan
CWE-189
nessus

Summary

Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.

Vulnerable Configurations

Part Description Count
Application
Libreswan
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-23315.NASL
    description: Security fix for CVE-2013-4564, extended AES-GCM and AES-CCM support. Improved Cisco interop, IKEv2 improvements, bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-12-23
    plugin id: 71592
    published: 2013-12-23
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71592
    title: Fedora 19 : libreswan-3.7-1.fc19 (2013-23315)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-23315.
    #
    
    include("compat.inc");
    
    # Registration branch: everything in this block only declares plugin
    # metadata and then leaves through exit(0), so none of the package checks
    # further down the script run from here.
    if (description)
    {
      script_id(71592);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references: the CVE this plugin tracks and the Fedora advisory
      # that shipped the fixed package.
      script_cve_id("CVE-2013-4564");
      script_xref(name:"FEDORA", value:"2013-23315");
    
      script_name(english:"Fedora 19 : libreswan-3.7-1.fc19 (2013-23315)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description text is taken from the Fedora advisory (see the note
      # inside the string); it names the CVE but does not describe the flaw.
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2013-4564, extended AES-GCM and AES-CCM support
    Improved Cisco interop, IKEv2 improvements, bugfixes
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1031830"
      );
      # NOTE(review): the shortened nessus.org link registered next presumably
      # resolves to the package-announce URL on the following line - confirm.
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124928.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b1450622"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libreswan package."
      );
      # CVSS v2 vector: network-reachable, low complexity, no authentication,
      # no confidentiality or integrity impact, partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Declared as a local check and scoped by CPE to libreswan on Fedora 19.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libreswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The check depends on ssh_get_info.nasl and on these knowledge-base keys,
      # i.e. on release and rpm data already gathered from the host; nothing in
      # this script probes the IKE service itself.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Package-inventory check for Fedora 19. It works only from knowledge-base
    # entries (release string, rpm list, CPU) and never contacts the IKE daemon,
    # so the result says whether the fixed libreswan build is installed, not
    # whether the service is running or reachable.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # Confirm the host is Fedora, then that its major release is exactly 19.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");

    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = ver_match[1];

    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only x86_64 and i386-i686 hosts are handled by this check.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    # NOTE(review): rpm_check() comes from rpm.inc; presumably it is true when
    # the installed libreswan is older than the reference build - confirm there.
    needs_update = rpm_check(release:"FC19", reference:"libreswan-3.7-1.fc19");

    if (needs_update)
    {
      # Attach the rpm comparison details only when verbose reporting is on.
      if (report_verbosity > 0)
        security_warning(port:0, extra:rpm_report_get());
      else
        security_warning(0);
      exit(0);
    }

    # Nothing flagged: record whether the package was checked and found current
    # or is not installed at all.
    checked = pkg_tests_get();
    if (checked)
      audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);
    else
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "libreswan");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-23250.NASL
    description: Security fix for CVE-2013-4564, extended AES-GCM and AES-CCM. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-12-23
    plugin id: 71589
    published: 2013-12-23
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71589
    title: Fedora 20 : libreswan-3.7-1.fc20 (2013-23250)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-23250.
    #
    
    include("compat.inc");
    
    # Registration branch: this block only declares plugin metadata and then
    # leaves through exit(0); the package checks later in the script are not
    # reached from here.
    if (description)
    {
      script_id(71589);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references: the tracked CVE and the Fedora advisory carrying the
      # fixed package.
      script_cve_id("CVE-2013-4564");
      script_xref(name:"FEDORA", value:"2013-23250");
    
      script_name(english:"Fedora 20 : libreswan-3.7-1.fc20 (2013-23250)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Advisory text as extracted from Fedora (see the note inside the string);
      # it names the CVE without describing the flaw.
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2013-4564, extended AES-GCM and AES-CCM
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1031830"
      );
      # NOTE(review): the shortened nessus.org link registered next presumably
      # resolves to the package-announce URL on the following line - confirm.
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124943.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7538313c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libreswan package."
      );
      # CVSS v2 vector: network-reachable, low complexity, no authentication,
      # availability-only (partial) impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Declared as a local check and scoped by CPE to libreswan on Fedora 20.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libreswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on these knowledge-base keys: the check
      # reads release and rpm data gathered from the host and does not probe
      # the IKE service.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Fedora 20 package check driven entirely by knowledge-base data. A clean
    # result means the rpm comparison passed; it says nothing about whether the
    # IKE daemon is running or exposed.
    local_checks = get_kb_item("Host/local_checks_enabled");
    if (!local_checks) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # OS gate: must be Fedora, and the major release must be exactly 20.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !("Fedora" >< release)) audit(AUDIT_OS_NOT, "Fedora");

    release_parts = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(release_parts)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");

    os_ver = release_parts[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

    # The rpm list is the only evidence this check has; stop if it is absent.
    rpm_list = get_kb_item("Host/RedHat/rpm-list");
    if (!rpm_list) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Architecture gate: x86_64 or i386-i686 only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$")) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    # NOTE(review): rpm_check() is defined in rpm.inc; presumably true when the
    # installed package predates the reference build - confirm there.
    if (rpm_check(release:"FC20", reference:"libreswan-3.7-1.fc20"))
    {
      # Verbose runs include the rpm comparison report in the finding.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }

    # Not flagged: distinguish "checked and current" from "not installed".
    tested = pkg_tests_get();
    if (!tested) audit(AUDIT_PACKAGE_NOT_INSTALLED, "libreswan");
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-23299.NASL
    description: Security fix for CVE-2013-4564, extended AES-GCM and AES-CCM Improved Cisco interop, IKEv2 improvements, bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-12-23
    plugin id: 71591
    published: 2013-12-23
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71591
    title: Fedora 18 : libreswan-3.7-1.fc18 (2013-23299)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-23299.
    #
    
    include("compat.inc");
    
    # Registration branch: declares the plugin's metadata and then leaves
    # through exit(0), so the package checks later in the script do not run
    # from here.
    if (description)
    {
      script_id(71591);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references: the tracked CVE and the Fedora advisory that delivered
      # the fixed package.
      script_cve_id("CVE-2013-4564");
      script_xref(name:"FEDORA", value:"2013-23299");
    
      script_name(english:"Fedora 18 : libreswan-3.7-1.fc18 (2013-23299)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Advisory text as extracted from Fedora (see the note inside the string);
      # it names the CVE without describing the flaw.
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2013-4564, extended AES-GCM and AES-CCM Improved
    Cisco interop, IKEv2 improvements, bugfixes
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1031830"
      );
      # NOTE(review): the shortened nessus.org link registered next presumably
      # resolves to the package-announce URL on the following line - confirm.
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124911.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b4a3fa2c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libreswan package."
      );
      # CVSS v2 vector: network-reachable, low complexity, no authentication,
      # availability-only (partial) impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # Declared as a local check and scoped by CPE to libreswan on Fedora 18.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libreswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on these knowledge-base keys: the check
      # reads release and rpm data gathered from the host and does not probe
      # the IKE service.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Fedora 18 package check. All inputs come from the knowledge base, so the
    # verdict reflects the installed rpm build only; whether the IKE daemon is
    # running or reachable is outside what this script looks at.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The host must identify as Fedora with a major release of exactly 18.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    parsed = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(parsed))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = parsed[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    }

    # No rpm list means no evidence to evaluate.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Supported architectures: x86_64 and i386-i686.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # NOTE(review): rpm_check() is provided by rpm.inc; presumably true when the
    # installed libreswan is older than the reference build - confirm there.
    outdated = 0;
    if (rpm_check(release:"FC18", reference:"libreswan-3.7-1.fc18"))
    {
      outdated = outdated + 1;
    }

    if (outdated)
    {
      # Include the rpm comparison report only for verbose runs.
      if (report_verbosity > 0)
      {
        security_warning(port:0, extra:rpm_report_get());
      }
      else
      {
        security_warning(0);
      }
      exit(0);
    }

    # Not flagged: report either "checked and current" or "not installed".
    examined = pkg_tests_get();
    if (examined)
    {
      audit(AUDIT_PACKAGE_NOT_AFFECTED, examined);
    }
    else
    {
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "libreswan");
    }
    

Seebug

  • bulletinFamily: exploit
    description: BUGTRAQ ID: 64984 CVE(CAN) ID: CVE-2013-7294 Libreswan是Linux平台上的IPsec实现,支持很多IPsec扩展,包括IKEv2, X.509 Digital Certificates, NAT Traversal等。 Libreswan 3.7之前版本,programs/pluto/ikev2_parent.c内的函数 ikev2parent_inI1outR1 存在安全漏洞,可导致远程拒绝服务。此漏洞源于处理KE负载时,IKEv2 I1通知失败。 0 libreswan libreswan 3.6 厂商补丁: libreswan --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://github.com/libreswan/libreswan https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
    id: SSV:61354
    last seen: 2017-11-19
    modified: 2014-01-20
    published: 2014-01-20
    reporter: Root
    title: Libreswan 'ikev2parent_inI1outR1()'函数远程拒绝服务漏洞
  • bulletinFamily: exploit
    description: CVE ID:CVE-2013-4564 Libreswan是一款类似OpenSwan的IPsec实现。 1)处理"process_packet()"方法(pluto/demux.c)中IKE数据包时的错误,导致通过特制的IKE数据包造成libreswan重新启动。 2)处理"ikev2parent_inI1outR1()"函数(pluto/ikev2_parent.c)中IKE通告报文时的错误,导致利用特制的IKE引起libreswan重新启动。 3)为RHEL处理libreswan.spec文件时应用程序不安全创建/var/tmp/libreswan-nss-pwd文件,可被利用来操纵某些数据。 0 libreswan 3.x 厂商补丁: libreswan ----- libreswan 3.7版本以修复此漏洞,建议用户下载使用: https://lists.libreswan.org/pipermail/swan-announce/2013/000007.html
    id: SSV:61286
    last seen: 2017-11-19
    modified: 2014-01-06
    published: 2014-01-06
    reporter: Root
    title: libreswan多个漏洞