Subject: CVE-2013-2054 strongSwan remote buffer overflow in atodn() Release date: Mon May 13, 2013 URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-052 This alert (and any possible updates) is available at the following URLs: http://download.strongswan.org/security/CVE-2013-2054/ See also: Libreswan atodn() CVE-2013-2052, Openswan atodn() CVE-2013-2053 An audit of code from The Libreswan Project revealed a remote buffer overflow in the atodn() function used by both libreswan, openswan, and older versions of strongSwan and superfreeswan when called from atoid() Vulnerable versions: strongSwan 2.0.0 to 4.3.4 Not vulnerable : strongSwan 4.3.5 to 5.0.4 Vulnerability information: When enabling Opportunistic Encryption ("OE") which strongSwan does not permit via the ipsec.conf configuration file because the OE keywords are not supported by ipsec starter, the IKE daemon pluto requests DNS TXT records to obtain public RSA keys of itself and its peers. These records can contain an IPsec gateway specification containing an fully qualified hostname which is passed to a function atoid(). When X.509 support was added to FreeS/WAN, ASN.1 parsing was added to the function atoid() which converts an ASCII ID representation into an internal struct id representation using a static buffer via the function temporary_cyclic_buffer() While DNS TXT records cannot contain ASN.1 representations, the code mistakenly checked for such interpretation if the DNS TXT FQDN contained an '=' symbol. Since DNS TXT buffers can be larger than what the ASN.1 parsing code expected, parsing such a record can trigger a buffer overflow leading to remote execution of code, specifically when overflowing into the struct kernel_ops which is a table of function pointers. The strongSwan atodn() function was totally rewritten with the 4.3.5 release in October 2009 and the potential vulnerability was removed. Exploitation: This exploit cannot be triggered via the strongSwan ipsec.conf configuration file but for experts it might be possible to set up Opportunistic Encryption manually by using the ipsec whack script. Even then, without preconfiguring their own public RSA key in DNS, such a configuration will suffer severe connectivity problems leaving the machine with 30 second delay for each outgoing connection - a deployment scenario that is extremely unlikely to appear in the wild. In the unlikely event that machines are configured as such, this vulnerability can only be exploited by a local attacker controlling the reverse DNS entry for the IP address of the targetted host. If the machine is properly configured for OE, an attacker only needs to trigger a connection to an IP address for which they control the reverse DNS zone where they can place the malicious DNS record. Workaround: If you cannot upgrade to strongSwan 4.3.5 or newer, a signed patch stored under the following link addresses the vulnerability: http://download.strongswan.org/security/CVE-2013-2054/ Related: These functions are also used in other freeswan derivatives - libreswan 3.0 and 3.1, openswan 1.x to 2.6.38 and superfreeswan. For full information regarding libreswan, see CVE-2013-2052 For full information regarding openswan, see CVE-2013-2053 Credits: This vulnerability was found by Florian Weimer of the Red Hat Product Security Team (https://access.redhat.com/security/team/)