Bug#521950: CVE-2009-0790: DoS

Mon, 30 Mar 2009 17:02:36 -0700 

Package: strongswan
Severity: grave
Tags: security, patch

Hi

>From the DSA:

Gerd v. Egidy discovered that the Pluto IKE daemon in strongswan, an
IPSec implementation for linux, is prone to a denial of service attack
via a malicious packet.

Please consider including the patch, I've attached the debdiff for
stable.

Cheers
Steffen

diff -u strongswan-4.2.4/debian/changelog strongswan-4.2.4/debian/changelog
--- strongswan-4.2.4/debian/changelog
+++ strongswan-4.2.4/debian/changelog
@@ -1,3 +1,11 @@
+strongswan (4.2.4-5+lenny1) stable-security; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix DoS issue via malicious Dead Peer Detection packet
+    Fixes: CVE-2009-0790
+
+ -- Steffen Joeris <wh...@debian.org>  Tue, 24 Mar 2009 12:31:39 +0000
+
 strongswan (4.2.4-5) unstable; urgency=high
 
   Reason for urgency high: this is potentially security relevant.
diff -u strongswan-4.2.4/debian/patches/00list strongswan-4.2.4/debian/patches/00list
--- strongswan-4.2.4/debian/patches/00list
+++ strongswan-4.2.4/debian/patches/00list
@@ -1,0 +2 @@
+02-CVE-2009-0790.dpatch
only in patch2:
unchanged:
--- strongswan-4.2.4.orig/debian/patches/02-CVE-2009-0790.dpatch
+++ strongswan-4.2.4/debian/patches/02-CVE-2009-0790.dpatch
@@ -0,0 +1,31 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+...@dpatch@
+diff -urN strongswan-4.2.13/src/pluto/ipsec_doi.c strongswan-4.2.13-patched/src/pluto/ipsec_doi.c
+--- strongswan-4.2.13/src/pluto/ipsec_doi.c	2009-03-21 09:41:49.000000000 +0100
++++ strongswan-4.2.4/src/pluto/ipsec_doi.c	2009-03-21 09:50:06.000000000 +0100
+@@ -5446,9 +5446,9 @@
+    time_t tm = now();
+     u_int32_t seqno;
+ 
+-    if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
++    if (!st || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+     {
+-        loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISKAMP SA");
++        loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISAKMP SA");
+         return STF_IGNORE;
+     }
+     if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2)
+@@ -5516,10 +5516,10 @@
+ {
+     u_int32_t seqno;
+ 
+-    if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
++    if (!st || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+     {
+         loglog(RC_LOG_SERIOUS
+-	    , "DPD: Received R_U_THERE_ACK for unestablished ISKAMP SA");
++	    , "DPD: Received R_U_THERE_ACK for unestablished ISAKMP SA");
+         return STF_FAIL;
+     }
+

Reply via email to