Vulnerabilities > CVE-2013-6467 - Remote Denial of Service vulnerability in Libreswan 'IKEv2' Payloads

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
libreswan
nessus

Summary

Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. Per: http://cwe.mitre.org/data/definitions/476.html "CWE-476 NULL Pointer Dereference"

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1092.NASL
    descriptionUpdated to 3.8, fixes CVE-2013-6467 (rhbz#1054102) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-01-29
    plugin id72190
    published2014-01-29
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72190
    titleFedora 19 : libreswan-3.8-1.fc19 (2014-1092)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-1092.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72190);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_bugtraq_id(64987);
      script_xref(name:"FEDORA", value:"2014-1092");
    
      script_name(english:"Fedora 19 : libreswan-3.8-1.fc19 (2014-1092)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated to 3.8, fixes CVE-2013-6467 (rhbz#1054102)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1054102"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127424.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b1482728"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libreswan package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libreswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"libreswan-3.8-1.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libreswan");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-1121.NASL
    descriptionUpdated to 3.8, fixes CVE-2013-6467 (rhbz#1054102) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-01-29
    plugin id72191
    published2014-01-29
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72191
    titleFedora 20 : libreswan-3.8-1.fc20 (2014-1121)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-1121.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72191);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_bugtraq_id(64987);
      script_xref(name:"FEDORA", value:"2014-1121");
    
      script_name(english:"Fedora 20 : libreswan-3.8-1.fc20 (2014-1121)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated to 3.8, fixes CVE-2013-6467 (rhbz#1054102)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1054102"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127438.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3728c312"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libreswan package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libreswan");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"libreswan-3.8-1.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libreswan");
    }
    

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 65155 CVE(CAN) ID: CVE-2013-6466 Openswan是一款Linux系统下的IPSEC实现,基于FreeS/WAN项目。 Openswan 2.6.39及之前版本在实现上存在远程拒绝服务漏洞,攻击者通过畸形的IKEv2数据包,利用此漏洞可造成应用重启,导致拒绝服务。 0 Openswan Openswan &lt;= 2.6.39 厂商补丁: Openswan -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.openswan.org/ https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
idSSV:61495
last seen2017-11-19
modified2014-02-20
published2014-02-20
reporterRoot
titleOpenswan IKEv2负载远程拒绝服务漏洞