[Openswan dev] [Announce] Openswan 2.6.36 released to address CVE-2011-3380 IKE invalid key length vulnerability

Paul Wouters paul at xelerance.com
Wed Oct 5 10:15:28 EDT 2011


Subject: CVE-2011-3380 Openswan IKE invalid key length vulnerability
Release date: Wed Oct 5, 2011


Security Alert:
This alert (and any possible updates) is available at the following URL:

The Openswan project has discovered a vulnerability in the key length
handler in our IKE daemon implementation "pluto".

Vulnerable versions: openswan 2.6.29 up to 2.6.35
Fixed version      : openswan 2.6.36

Vulnerability information:
When an ISAKMP message with an invalid KEY_LENGTH attribute is
received, the error handling function crashes on a NULL pointer
dereference. Openswan automatically restarts the pluto IKE daemon but
all ISAKMP state is lost.  This vulnerability does NOT allow an attacker
access to the system. This can be used to launch a denial of service
attack by sending repeated IKE packets with the invalid key length

Openswan is only vulnerable if the attacker's IP address is allowed to
connect to it by a loaded policy. For static tunnels, this is limited to
the allowed remote IP address. However, in the case of supporting dynamic
clients ("roadwarriors", via right=%any) any IP address can trigger the
crash. The crash is independent of the authentication method used (PSK,
RAW RSA or X.509). Restricted static IPs could also be spoofed to trigger
the vulnerability.

This vulnerability happens in the IKE layer before any authentication
has taken place, meaning the attacker can crash openswan without the
need to know a preshared key (PSK) and without the need for a valid
X.509 certificate, as long as there is a potential match for the
attacker's IP address and the loaded IKE policies.

Vulnerability Details:
The function parse_isakmp_sa_body() calls the function ike_alg_enc_ok()
twice, once to verify the algorithm and once to verify the key length.
In openswan 2.6.29, the second call was changed to pass NULL as the errp
pointer. The function ike_alg_enc_ok() error handler improperly dereferences
the errp pointer.

Full release:
The latest openswan release which fixes all known issues can be found at:
http://www.openswan.org/download/openswan-2.6.36.tar.gz.asc (GPG signature)

For those unable to upgrade to the latest openswan 2.6.36 release, the
following patch can be used to resolve this problem:

diff --git a/programs/pluto/ike_alg.c b/programs/pluto/ike_alg.c
index 78aea4a..08b8d82 100644
- --- a/programs/pluto/ike_alg.c
+++ b/programs/pluto/ike_alg.c
@@ -115,7 +115,7 @@ bool ike_alg_enc_ok(int ealg, unsigned key_len,
                                 ealg, key_len);
- -       if (!ret && *errp)
+       if (!ret && errp)
                 *errp = ugh_buf;
         return ret;
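
Review bot: the `if (!ret && errp)` guard makes a NULL errp part of ike_alg_enc_ok()'s contract, but nothing at the function documents that; add a comment stating that errp is optional and is only written on failure, so a later caller change does not have to rediscover it. The old test `*errp` also meant "only set the message if one is already present", while the new test overwrites `*errp` on every failure, so confirm that callers passing a non-NULL errp expect that. It is also worth considering whether parse_isakmp_sa_body() should pass a real errp on the key-length call so the rejection reason can be logged instead of discarded.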

About openswan (http://www.openswan.org/):
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

About Xelerance (http://www.xelerance.com/):
Xelerance is the custodian of the openswan IPsec software and the L2TP
server xl2tpd. These are used in combination to provide Enterprise VPN
solutions.  Headquartered in Ottawa, the high-tech capital of Canada,
Xelerance provides products and services to secure the internet. Its
products include DNSX Secure Signer and DNSX Secure Resolver.
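
A triage check for the "Vulnerable versions" range and the right=%any exposure condition described in the alert above, as an added example that is not part of the original announcement or of Openswan. The function names, result labels and sample configuration are constructed for illustration; `also=` references and included files are not followed, and the version string is supplied by the caller.

```python
import re

VULN_FIRST, VULN_LAST = (2, 6, 29), (2, 6, 35)  # range stated in the advisory

SAMPLE_CONF = """\
# constructed sample, not from a real gateway
conn site-to-site
    left=192.0.2.1
    right=198.51.100.7

conn roadwarriors
    left=192.0.2.1
    right=%any   # dynamic clients
"""

def parse_version(text):
    """Return the first X.Y.Z triple found in text as a tuple of ints."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no X.Y.Z version in %r" % text)
    return tuple(int(g) for g in m.groups())

def any_peer_conns(conf_text):
    """Names of conn sections whose left= or right= is %any (the ends are interchangeable)."""
    conns, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header starts at column 0
            parts = line.split()
            current = parts[1] if len(parts) == 2 and parts[0] == "conn" else None
        elif current and re.fullmatch(r"\s+(left|right)\s*=\s*%any", line):
            if current not in conns:
                conns.append(current)
    return conns

def assess(version_text, conf_text):
    """Return (label, conns): whether the version is in range and who can reach the bug."""
    v = parse_version(version_text)
    if not (VULN_FIRST <= v <= VULN_LAST):
        return "not-affected", []
    conns = any_peer_conns(conf_text)
    return ("affected-any-source" if conns else "affected-listed-peers"), conns

if __name__ == "__main__":
    print(assess("2.6.32", SAMPLE_CONF))
```

The "affected-listed-peers" result still needs the upgrade or patch, since the alert notes that restricted static IPs can be spoofed.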
