[Pkg-swan-devel] [strongswan] 01/02: Add patch to fix authentication bypass (CVE-2014-2338)
Yves-Alexis Perez
corsac at moszumanska.debian.org
Thu Jul 7 08:44:18 UTC 2016
This is an automated email from the git hooks/post-receive script.
corsac pushed a commit to branch sid-security
in repository strongswan.
commit 424ca98bf0ba3457900fb299991117ea254845e8
Author: Yves-Alexis Perez <corsac at debian.org>
Date: Thu Apr 3 21:07:58 2014 +0200
Add patch to fix authentication bypass (CVE-2014-2338)
* urgency=high for the security fix.
* debian/patches:
- CVE-2014-2338-5.x added, fix authentication bypass (CVE-2014-23338).
---
debian/changelog | 8 ++++++++
debian/patches/CVE-2014-2338-5.x.patch | 36 ++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 45 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 2f81431..e7af53f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+strongswan (5.1.2-4) UNRELEASED; urgency=high
+
+ * urgency=high for the security fix.
+ * debian/patches:
+ - CVE-2014-2338-5.x added, fix authentication bypass (CVE-2014-2338).
+
+ -- Yves-Alexis Perez <corsac at debian.org> Thu, 03 Apr 2014 21:06:51 +0200
+
strongswan (5.1.2-3) unstable; urgency=medium
* debian/patches/
diff --git a/debian/patches/CVE-2014-2338-5.x.patch b/debian/patches/CVE-2014-2338-5.x.patch
new file mode 100644
index 0000000..688245c
--- /dev/null
+++ b/debian/patches/CVE-2014-2338-5.x.patch
@@ -0,0 +1,36 @@
+From b980ba7757dcfedd756aa055b3271ea58cf85aa6 Mon Sep 17 00:00:00 2001
+From: Martin Willi <martin at revosec.ch>
+Date: Thu, 20 Feb 2014 16:08:43 +0100
+Subject: [PATCH] ikev2: Reject CREATE_CHILD_SA exchange on unestablished
+ IKE_SAs
+
+Prevents a responder peer to trick us into established state by starting
+IKE_SA rekeying before the IKE_SA has been authenticated during IKE_AUTH.
+
+Fixes CVE-2014-2338 for 5.x versions of strongSwan.
+---
+ src/libcharon/sa/ikev2/task_manager_v2.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c
+index ac3be90..a5252ab 100644
+--- a/src/libcharon/sa/ikev2/task_manager_v2.c
++++ b/src/libcharon/sa/ikev2/task_manager_v2.c
+@@ -778,6 +778,15 @@ static status_t process_request(private_task_manager_t *this,
+ case CREATE_CHILD_SA:
+ { /* FIXME: we should prevent this on mediation connections */
+ bool notify_found = FALSE, ts_found = FALSE;
++
++ if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED ||
++ this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING)
++ {
++ DBG1(DBG_IKE, "received CREATE_CHILD_SA request for "
++ "unestablished IKE_SA, rejected");
++ return FAILED;
++ }
++
+ enumerator = message->create_payload_enumerator(message);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+--
+1.8.1.2
diff --git a/debian/patches/series b/debian/patches/series
index d31e3c5..a08a094 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
01_fix-manpages.patch
02_unit-tests-Fix-filtered-enumerator-tests-on-64-bit-b.patch
03_unit-tests-Fix-chunk-clear-armel.patch
+CVE-2014-2338-5.x.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-swan/strongswan.git
More information about the Pkg-swan-devel
mailing list