BUGTRAQ ID: 34296
CVE(CAN) ID: CVE-2009-0790
Openswan和strongSwan都是Linux系统下的IPSEC实现。
死亡对等体检测(DPD)是IPsec IKE通知消息,使用ICOOKIE/RCOOKIE机制将入站报文匹配到已知的安全关联(ISAKMP)。在一个端点的ISAKMP状态已过期但另一个端点仍在使用旧状态发送DPD通知的情况下,如果远程攻击者向Openswan和strongSwan发送了恶意的R_U_THERE或 R_U_THERE_ACK通知报文的话,就会在不存在的状态对象st上触发空指针引用,导致pluto IKE守护程序崩溃并重启。
由于这种状态查询是在加密或解密之前执行的,因此可无需经过phase1(ISAKMP)协商便触发这个漏洞。
Openswan Openswan < 2.6.21
strongSwan strongSwan < 4.2.14
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1759-1)以及相应补丁:
DSA-1759-1:New strongswan packages fix denial of service
链接:<a href=http://www.debian.org/security/2009/dsa-1759 target=_blank rel=external nofollow>http://www.debian.org/security/2009/dsa-1759</a>
补丁下载:
Source archives:
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.dsc target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.dsc</a>
Size/MD5 checksum: 811 15760a0423c8cf0829c0f71d5424ab27
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg.orig.tar.gz</a>
Size/MD5 checksum: 3155518 8b9ac905b9bcd41fb826e3d67e90a33d
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.diff.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1.diff.gz</a>
Size/MD5 checksum: 57545 276bae2bae3230bcef527b44f3b9fb99
alpha architecture (DEC Alpha)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_alpha.deb</a>
Size/MD5 checksum: 1197696 7fc7c6438f1c2739373c193784934461
amd64 architecture (AMD x86_64 (AMD64))
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_amd64.deb</a>
Size/MD5 checksum: 1100438 4004ce8cfc2b2de41712a4d73a520de2
arm architecture (ARM)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_arm.deb</a>
Size/MD5 checksum: 1070794 dc1e10007ea82d547591052d032e0216
hppa architecture (HP PA RISC)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_hppa.deb</a>
Size/MD5 checksum: 1136062 9f5996ea05d930e0a7a361336263be58
i386 architecture (Intel ia32)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_i386.deb</a>
Size/MD5 checksum: 1051780 25b41b38e8698a6f61b3f4f523ca52c7
ia64 architecture (Intel ia64)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_ia64.deb</a>
Size/MD5 checksum: 1454480 19818a3ec7756710ea1abfdbd9ebadcc
mips architecture (MIPS (Big Endian))
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mips.deb</a>
Size/MD5 checksum: 1124636 be7189aac59d98fbec7a9bf9a5f7b74d
mipsel architecture (MIPS (Little Endian))
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_mipsel.deb</a>
Size/MD5 checksum: 1130402 25bdc2ca2651db73a88f079902a35f43
powerpc architecture (PowerPC)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_powerpc.deb</a>
Size/MD5 checksum: 1097994 e1eb29c9c4dd776259178308a6b40a04
s390 architecture (IBM S/390)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_s390.deb</a>
Size/MD5 checksum: 1084268 90b6459bb59a264eaf1aa2b26ed82acd
sparc architecture (Sun SPARC/UltraSPARC)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch1_sparc.deb</a>
Size/MD5 checksum: 1024106 9ad2a093d9efad364a0eb80a0f20057f
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.dsc target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.dsc</a>
Size/MD5 checksum: 1310 c6dc3521aee080f275ea0f65ded35bca
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.diff.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1.diff.gz</a>
Size/MD5 checksum: 57299 b6d1af4a7144d5289400f35dcd18eb5e
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4.orig.tar.gz</a>
Size/MD5 checksum: 3295212 92ddfaedd6698bc6640927def271d476
alpha architecture (DEC Alpha)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_alpha.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_alpha.deb</a>
Size/MD5 checksum: 1301122 7c83dcbdcdb177e9bc83361d4c064f6d
amd64 architecture (AMD x86_64 (AMD64))
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_amd64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_amd64.deb</a>
Size/MD5 checksum: 1178112 875f877f564c88b885ebf68be2478f0c
arm architecture (ARM)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_arm.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_arm.deb</a>
Size/MD5 checksum: 1034248 3c20d44508cc5255c3e6ad74cf9cac9c
armel architecture (ARM EABI)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_armel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_armel.deb</a>
Size/MD5 checksum: 1034868 457ca8749ced0c177c5825ca953423e7
hppa architecture (HP PA RISC)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_hppa.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_hppa.deb</a>
Size/MD5 checksum: 1214270 353bde7aacb7e5a875ba8d715da70caa
i386 architecture (Intel ia32)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_i386.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_i386.deb</a>
Size/MD5 checksum: 1099806 02a117d38e15ecf3e0b2667985b7710e
ia64 architecture (Intel ia64)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_ia64.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_ia64.deb</a>
Size/MD5 checksum: 1615308 d0f1ed5581a772eecf3801a45d57ab95
mips architecture (MIPS (Big Endian))
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mips.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mips.deb</a>
Size/MD5 checksum: 1158540 656a66202077e4f55d24433af6ab3ce5
mipsel architecture (MIPS (Little Endian))
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mipsel.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_mipsel.deb</a>
Size/MD5 checksum: 1157848 614cad1bdd081160a3fe74e3d1e4e902
powerpc architecture (PowerPC)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_powerpc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_powerpc.deb</a>
Size/MD5 checksum: 1228470 6dbb9fa6379444c2f0cebba7fc417027
s390 architecture (IBM S/390)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_s390.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_s390.deb</a>
Size/MD5 checksum: 1258802 d92712a84cbb2d2c181546927d4f9f36
sparc architecture (Sun SPARC/UltraSPARC)
<a href=http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_sparc.deb target=_blank rel=external nofollow>http://security.debian.org/pool/updates/main/s/strongswan/strongswan_4.2.4-5+lenny1_sparc.deb</a>
Size/MD5 checksum: 1142494 cd69f7750be1e6cc0e83003e74480bde
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2009:0402-01)以及相应补丁:
RHSA-2009:0402-01:Important: openswan security update
链接:<a href=https://www.redhat.com/support/errata/RHSA-2009-0402.html target=_blank rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-0402.html</a>
Openswan
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=http://www.openswan.org/CVE-2009-0790/ target=_blank rel=external nofollow>http://www.openswan.org/CVE-2009-0790/</a>
暂无评论