Vendor response of the Openswan project to the following advisory:
NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
CVE number: Unknown. Not requested or disclosed by reporter
Since we did not have prior knowledge of this vulnerability, and have not
been given access to the test kit, so far we have only been able to
partially analyse our IPsec implementation.
Versions of openswan-1 are (apparently) not vulnerable to this attack.
Versions of openswan-2 are (apparently) vulnerable to a Denial Of Service
attack in two known cases.
One involves a crafted packet using 3DES with an invalid key length. The
other is still unknown to us because no more information was provided.
These two cases cannot be used to obtain elevated privileges, since it is
not possible to use these bugs to execute arbitrary code. These attacks
are caught within our "assertion fail" verification code.
Today we have released openswan-2.4.2. This release
fixes the 3DES related Denial Of Service attack.
We STRONGLY encourage CERT-FI and/or NISCC to give us access to the
test kit if they are concerned about the second vulnerability and the
impact of this advisory on the wide install base of Openswan-2 if those
systems are left vulnerable to a DOS attack.
Openswan is the de facto IPsec software used on many Linux distributions,
such as RedHat Linux, Fedora Linux, Debian, SuSe / Novell, Mandrake and
many systems including embedded devices.
For further information, please see:
http://www.openswan.org/
NISCC 273756/NISCC/ISAKMP
Contact us at: security@xelerance.com
The Openswan team
Xelerance Corp.