The version of libreswan installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-38710 advisory.

  - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid     IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's     protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an     assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart.
    NOTE: the earliest affected version is 3.20. (CVE-2023-38710)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the libreswan-4.12-1.el9 build changelog.

  - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid     IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's     protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an     assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart.
    NOTE: the earliest affected version is 3.20. (CVE-2023-38710)

  - An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with     ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a     crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. (CVE-2023-38711)

  - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational     Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA,     such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the     pluto daemon to crash and restart. (CVE-2023-38712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:6549 advisory.

  - libreswan: Invalid IKEv2 REKEY proposal causes restart (CVE-2023-38710)

  - libreswan: Invalid IKEv1 Quick Mode ID causes restart (CVE-2023-38711)

  - libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart (CVE-2023-38712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:7052 advisory.

  - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid     IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's     protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an     assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart.
    NOTE: the earliest affected version is 3.20. (CVE-2023-38710)

  - An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with     ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a     crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. (CVE-2023-38711)

  - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational     Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA,     such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the     pluto daemon to crash and restart. (CVE-2023-38712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-dbc6d8a124 advisory.

  - An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with     ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a     crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. (CVE-2023-38711)

  - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid     IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's     protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an     assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart.
    NOTE: the earliest affected version is 3.20. (CVE-2023-38710)

  - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational     Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA,     such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the     pluto daemon to crash and restart. (CVE-2023-38712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ddd6e6b49b advisory.

  - An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with     ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a     crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. (CVE-2023-38711)

  - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid     IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's     protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an     assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart.
    NOTE: the earliest affected version is 3.20. (CVE-2023-38710)

  - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational     Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA,     such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the     pluto daemon to crash and restart. (CVE-2023-38712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7052 advisory.

  - libreswan: Invalid IKEv2 REKEY proposal causes restart (CVE-2023-38710)

  - libreswan: Invalid IKEv1 Quick Mode ID causes restart (CVE-2023-38711)

  - libreswan: Invalid IKEv1 repeat IKE SA delete causes crash and restart (CVE-2023-38712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-6549 advisory.

  - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational     Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA,     such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the     pluto daemon to crash and restart. (CVE-2023-38712)

  - An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with     ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a     crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. (CVE-2023-38711)

  - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid     IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's     protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an     assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart.
    NOTE: the earliest affected version is 3.20. (CVE-2023-38710)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7052 advisory.

  - An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational     Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA,     such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the     pluto daemon to crash and restart. (CVE-2023-38712)

  - An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid     IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's     protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an     assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart.
    NOTE: the earliest affected version is 3.20. (CVE-2023-38710)

  - An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with     ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a     crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. (CVE-2023-38711)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
201699	CBL Mariner 2.0 Security Update: libreswan (CVE-2023-38710)	Nessus	MarinerOS Local Security Checks	7/3/2024	7/3/2024	medium
191308	CentOS 9 : libreswan-4.12-1.el9	Nessus	CentOS Local Security Checks	2/29/2024	4/26/2024	medium
185108	RHEL 9 : libreswan (RHSA-2023:6549)	Nessus	Red Hat Local Security Checks	11/7/2023	4/28/2024	medium
185624	CentOS 8 : libreswan (CESA-2023:7052)	Nessus	CentOS Local Security Checks	11/14/2023	12/13/2023	medium
179994	Fedora 37 : libreswan (2023-dbc6d8a124)	Nessus	Fedora Local Security Checks	8/20/2023	4/29/2024	medium
179995	Fedora 38 : libreswan (2023-ddd6e6b49b)	Nessus	Fedora Local Security Checks	8/20/2023	4/29/2024	medium
185676	RHEL 8 : libreswan (RHSA-2023:7052)	Nessus	Red Hat Local Security Checks	11/14/2023	4/28/2024	medium
185841	Oracle Linux 9 : libreswan (ELSA-2023-6549)	Nessus	Oracle Linux Local Security Checks	11/16/2023	12/13/2023	medium
186124	Oracle Linux 8 : libreswan (ELSA-2023-7052)	Nessus	Oracle Linux Local Security Checks	11/21/2023	12/13/2023	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

medium

medium