Amazon Linux AMI update for libreswan

1) Error Handling

EUVDB-ID: #VU87342

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-2357

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of a missing PreSharedKey when  a connection is configured to use reSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup sing the auto= keyword, it can cause repeated crashes leading to a denial of service.

Mitigation

Update the affected packages:

aarch64:
    libreswan-debuginfo-4.12-3.amzn2023.0.1.aarch64
    libreswan-4.12-3.amzn2023.0.1.aarch64
    libreswan-debugsource-4.12-3.amzn2023.0.1.aarch64

src:
    libreswan-4.12-3.amzn2023.0.1.src

x86_64:
    libreswan-debuginfo-4.12-3.amzn2023.0.1.x86_64
    libreswan-4.12-3.amzn2023.0.1.x86_64
    libreswan-debugsource-4.12-3.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

libreswan: before 4.12-3

CPE2.3

• cpe:2.3:o:amazon_web_services:amazon_linux_ami:*:*:*:*:*:*:*:*
• cpe:2.3:o:amazon_web_services:libreswan:*:*:*:*:*:amazon_linux_ami:*:*

External links

https://alas.aws.amazon.com/AL2023/ALAS-2024-587.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.