Vulnerabilities > CVE-2020-1763 - Unspecified vulnerability in Libreswan
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2020-2070.NASL description From Red Hat Security Advisory 2020:2070 : The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2070 advisory. - libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-05-14 plugin id 136601 published 2020-05-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136601 title Oracle Linux 8 : libreswan (ELSA-2020-2070) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2070.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2070 advisory. - libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-18 modified 2020-05-12 plugin id 136497 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136497 title RHEL 8 : libreswan (RHSA-2020:2070) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-4684.NASL description Stephan Zeisberg discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 Informational Exchange packet, resulting in denial of service. last seen 2020-05-19 modified 2020-05-14 plugin id 136590 published 2020-05-14 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136590 title Debian DSA-4684-1 : libreswan - security update NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2071.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2071 advisory. - libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-18 modified 2020-05-12 plugin id 136499 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136499 title RHEL 8 : libreswan (RHSA-2020:2071) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2069.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2069 advisory. - libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-18 modified 2020-05-12 plugin id 136500 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136500 title RHEL 8 : libreswan (RHSA-2020:2069)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1813329
- https://bugzilla.redhat.com/show_bug.cgi?id=1813329
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1763
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf
- https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
- https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
- https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
- https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt
- https://security.gentoo.org/glsa/202007-21
- https://security.gentoo.org/glsa/202007-21
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04
- https://www.debian.org/security/2020/dsa-4684
- https://www.debian.org/security/2020/dsa-4684