The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

The version of libreswan installed on the remote host is prior to 3.25-4.8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2596 advisory.

    The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without     specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an     assertion failure and crashes and restarts. IKEv2 connections are not affected. (CVE-2024-3652)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4431 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4376 advisory.

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4417 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4376 advisory.

    [4.12-2.0.1.4]
    - Add libreswan-oracle.patch to detect Oracle Linux distro

    [4.12-2.4]
    - Fix CVE-2024-3652 (RHEL-32482)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4376 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4377 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:4050 advisory.

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

Tenable has extracted the preceding description block directly from the Rocky Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4200 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-05a6ab143e advisory.

    Update to 4.15 for CVE-2024-3652

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-07c9cfd337 advisory.

    Update to 4.15 for CVE-2024-3652

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-4050 advisory.

    [4.12-2.0.1.1]
    - Add libreswan-oracle.patch to detect Oracle Linux distro

    [4.12-2.1]
    - Fix CVE-2024-3652 (RHEL-40102)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:4050 advisory.

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4050 advisory.

    Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and     uses strong cryptography to provide both authentication and encryption services. These services allow you     to build secure tunnels through untrusted networks such as virtual private network (VPN).

    Security Fix(es):

    * libreswan: IKEv1 default AH/ESP responder can crash and restart (CVE-2024-3652)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-621 advisory.

    The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without     specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an     assertion failure and crashes and restarts. IKEv2 connections are not affected. (CVE-2024-3652)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Libreswan installed on the remote host is between 3.22 and 4.14, or a 5.0 release candidate prior to 5.0 . It is, therefore, affected by a denial of service (DoS) vulnerability. The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
202980	Amazon Linux 2 : libreswan (ALAS-2024-2596)	Nessus	Amazon Linux Local Security Checks	medium
202077	RHEL 9 : libreswan (RHSA-2024:4431)	Nessus	Red Hat Local Security Checks	medium
202067	AlmaLinux 8 : libreswan (ALSA-2024:4376)	Nessus	Alma Linux Local Security Checks	medium
202005	RHEL 8 : libreswan (RHSA-2024:4417)	Nessus	Red Hat Local Security Checks	medium
201991	Oracle Linux 8 : libreswan (ELSA-2024-4376)	Nessus	Oracle Linux Local Security Checks	medium
201959	RHEL 8 : libreswan (RHSA-2024:4376)	Nessus	Red Hat Local Security Checks	medium
201955	RHEL 9 : libreswan (RHSA-2024:4377)	Nessus	Red Hat Local Security Checks	medium
201247	Rocky Linux 9 : libreswan (RLSA-2024:4050)	Nessus	Rocky Linux Local Security Checks	medium
201183	RHEL 8 : libreswan (RHSA-2024:4200)	Nessus	Red Hat Local Security Checks	medium
201177	Fedora 40 : libreswan (2024-05a6ab143e)	Nessus	Fedora Local Security Checks	medium
201175	Fedora 39 : libreswan (2024-07c9cfd337)	Nessus	Fedora Local Security Checks	medium
200884	Oracle Linux 9 : libreswan (ELSA-2024-4050)	Nessus	Oracle Linux Local Security Checks	medium
200877	AlmaLinux 9 : libreswan (ALSA-2024:4050)	Nessus	Alma Linux Local Security Checks	medium
200872	RHEL 9 : libreswan (RHSA-2024:4050)	Nessus	Red Hat Local Security Checks	medium
197960	Amazon Linux 2023 : libreswan (ALAS2023-2024-621)	Nessus	Amazon Linux Local Security Checks	medium
193875	Libreswan 3.22 < 4.15 / 5.0rc1 < 5.0 DoS	Nessus	Misc.	high

Detections

Analytics

CVE-2024-3652

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

high