relays EAP messages to and from a RADIUS server. Succesfully
tested with with a freeradius server using EAP-MD5 and EAP-SIM.
+- A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
+ Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
+ all Openswan and strongSwan releases. A malicious (or expired ISAKMP)
+ R_U_THERE or R_U_THERE_ACK Dead Peer Detection packet can cause the
+ pluto IKE daemon to crash and restart. No authentication or encryption
+ is required to trigger this bug. One spoofed UDP packet can cause the
+ pluto IKE daemon to restart and be unresponsive for a few seconds while
+ restarting. This DPD null state vulnerability has been officially
+ registered as CVE-2009-0790 and is fixed by this release.
+
- ASN.1 to time_t conversion caused a time wrap-around for
dates after Jan 18 03:14:07 UTC 2038 on 32-bit platforms.
As a workaround such dates are set to the maximum representable
time_t tm = now();
u_int32_t seqno;
- if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+ if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
{
- loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISKAMP SA");
+ loglog(RC_LOG_SERIOUS, "DPD: Received R_U_THERE for unestablished ISAKMP SA");
return STF_IGNORE;
}
if (n->isan_spisize != COOKIE_SIZE * 2 || pbs_left(pbs) < COOKIE_SIZE * 2)
{
u_int32_t seqno;
- if (!IS_ISAKMP_SA_ESTABLISHED(st->st_state))
+ if (st == NULL || !IS_ISAKMP_SA_ESTABLISHED(st->st_state))
{
loglog(RC_LOG_SERIOUS
- , "DPD: Received R_U_THERE_ACK for unestablished ISKAMP SA");
+ , "DPD: Received R_U_THERE_ACK for unestablished ISAKMP SA");
return STF_FAIL;
}
DEC_MD5_VID(STRONGSWAN_4_0_1, "strongSwan 4.0.1")
DEC_MD5_VID(STRONGSWAN_4_0_0, "strongSwan 4.0.0")
+ DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.9")
DEC_MD5_VID(STRONGSWAN_2_8_8, "strongSwan 2.8.8")
DEC_MD5_VID(STRONGSWAN_2_8_7, "strongSwan 2.8.7")
DEC_MD5_VID(STRONGSWAN_2_8_6, "strongSwan 2.8.6")
VID_STRONGSWAN_2_8_6 = 72,
VID_STRONGSWAN_2_8_7 = 73,
VID_STRONGSWAN_2_8_8 = 74,
+ VID_STRONGSWAN_2_8_9 = 75,
VID_STRONGSWAN_4_0_0 = 80,
VID_STRONGSWAN_4_0_1 = 81,