[Announce] ANNOUNCE: strongSwan 4.3.1 and 4.2.15 released

Andreas Steffen andreas.steffen at strongswan.org
Wed May 27 14:00:37 CEST 2009


Orange Labs IKEv2 fuzzer discovers two DoS vulnerabilities

Two DoS vulnerabilities in the charon daemon were discovered by
fuzzing techniques:

1) Receiving a malformed IKE_SA_INIT request leaves an incomplete state
   which causes a crash of the IKEv2 charon daemon while dereferencing
   a null pointer if a subsequent CREATE_CHILD_SA request for the
   same connection is received.

2) Receiving an IKE_AUTH request with either a missing TSi or TSr
   traffic selector payload causes a crash of the IKEv2 charon daemon
   because the null pointer checks for TSi and TSr prior to deletion
   were swapped by mistake.

The IKEv2 fuzzer used was developed by the Orange Labs vulnerability
research team. The tool was initially written by Gabriel Campana and
is now maintained by Laurent Butti.

All strongSwan versions from 4.1.0 up to 4.3.0 are affected. Either
apply the two security patches



or upgrade to strongSwan 4.3.1 or 4.2.15.

Other fixes and improvements in 4.3.1

- The nm plugin now passes DNS/NBNS server information to
  NetworkManager, allowing a gateway administrator to set
  DNS/NBNS configuration on clients dynamically.

- The nm plugin also accepts CA certificates for gateway authentication.
  If a CA certificate is configured, strongSwan uses the entered gateway
  address as its identity, requiring the gateway's certificate to
  contain the same as subjectAltName. This allows a gateway
  administrator to deploy the same certificates to Windows 7 and
  NetworkManager clients.

- The command ipsec purgeike deletes IKEv2 SAs that don't have a

- The command ipsec down <conn>{n} deletes CHILD SA instance n of
  connection <conn> whereas ipsec down <conn>{*} deletes all CHILD SA

- The command ipsec down <conn>[n] deletes IKE SA instance n of
  connection <conn> plus dependent CHILD SAs whereas ipsec down
  <conn>[*] deletes all IKE SA instances of connection <conn>.

- Fixed an error introduced in 4.3.0 where EAP authentication calculated
  the AUTH payload incorrectly. Further, the EAP-MSCHAPv2 MSK key
  derivation has been updated to be compatible with the Windows 7
  Release Candidate.

- Refactored installation of triggering policies. Routed policies
  are handled outside of IKE_SAs to keep them installed in any case.
  A tunnel gets established only once, even if initiation is delayed
  due to network outages.

- Improved the handling of multiple acquire signals triggered by
  the kernel.

- Added support for AES counter mode in ESP in IKEv2 using the
  proposal keywords aes128ctr, aes192ctr and aes256ctr.

- Further progress in refactoring pluto: Use of the curl and ldap
  plugins for fetching CRLs and OCSP. Use of the random plugin to
  get keying material from /dev/random or /dev/urandom. Use of the
  openssl plugin as an alternative to the default aes, des, sha1,
  sha2, and md5 plugins. The blowfish, twofish, and serpent encryption
  plugins are optional and are not enabled by default.

Best regards

Martin Willi & Andreas Steffen

Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
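
The swapped-guard mistake described in item 2 of the announcement, as an added C illustration (not strongSwan's code; the types, function names and the run_cleanup harness are hypothetical). cleanup_swapped guards each destroy call with the other pointer, so a request missing exactly one of TSi/TSr reaches a NULL dereference, while cleanup_fixed handles every combination.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the TSi/TSr lists; not strongSwan's types. */
typedef struct { int count; int selectors[4]; } ts_list_t;
typedef struct { ts_list_t *tsi, *tsr; } child_task_t;
static int destroyed;                /* lists freed by the last cleanup */

static ts_list_t *ts_list_create(void)
{
    ts_list_t *l = calloc(1, sizeof(*l));
    if (!l) abort();
    return l;
}

static void ts_list_destroy(ts_list_t *l)
{
    l->count = 0;                    /* dereferences l: faults if l is NULL */
    free(l);
    destroyed++;
}

/* Bug pattern from item 2: each guard tests the other pointer. */
static void cleanup_swapped(child_task_t *t)
{
    int has_tsi = t->tsi != NULL, has_tsr = t->tsr != NULL;
    if (has_tsr) ts_list_destroy(t->tsi);
    if (has_tsi) ts_list_destroy(t->tsr);
}

/* Corrected: each pointer is tested before it is itself destroyed. */
static void cleanup_fixed(child_task_t *t)
{
    if (t->tsi) ts_list_destroy(t->tsi);
    if (t->tsr) ts_list_destroy(t->tsr);
}

/* Returns lists freed, or -1 where the swapped guards would hit NULL
 * (the unsafe call is skipped and the fixed cleanup frees the memory). */
int run_cleanup(int have_tsi, int have_tsr, int use_fixed)
{
    child_task_t t = { have_tsi ? ts_list_create() : NULL,
                       have_tsr ? ts_list_create() : NULL };
    int unsafe = !use_fixed && (!have_tsi != !have_tsr);
    destroyed = 0;
    if (unsafe || use_fixed) cleanup_fixed(&t); else cleanup_swapped(&t);
    return unsafe ? -1 : destroyed;
}

int main(void) { return run_cleanup(1, 0, 1) == 1 ? 0 : 1; }
```

The swapped version behaves correctly when both selectors are present or both are absent, which is why ordinary interoperability testing does not expose it and input that omits a single payload does.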
