Vulnerability Related to Processing DH Public Values in charon-tkm (CVE-2023-41913)
A vulnerability in charon-tkm (the TKM-backed version of the charon IKE daemon) related to processing DH public values was fixed. Due to an unchecked memcpy() to a fixed-length buffer on the stack, this could lead to a buffer overflow and possibly remote code execution. All strongSwan versions since 5.3.0 are affected.
More information is provided in a separate blog entry.
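The bug class described above, as an added C illustration that is not strongSwan or TKM code: a peer-supplied public value copied into a fixed-size buffer, first without and then with a length check. The type pubvalue_buf_t, the 512-byte capacity and the function names are assumptions for this example, and the per-group length check (lengths per RFC 7296 and RFC 5903) goes beyond what the text above states.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PUB_MAX 512 /* assumed capacity of the fixed-length buffer */
/* Hypothetical fixed-size container that a caller places on its stack. */
typedef struct { uint32_t size; uint8_t data[PUB_MAX]; } pubvalue_buf_t;

/* Public value length in bytes for some IKEv2 DH groups (RFC 7296, RFC 5903);
 * 0 means the group is not handled by this example. */
size_t dh_expected_len(uint16_t group)
{
    switch (group) {
    case 14: return 256; /* 2048-bit MODP */
    case 15: return 384; /* 3072-bit MODP */
    case 16: return 512; /* 4096-bit MODP */
    case 19: return 64;  /* 256-bit ECP, x || y */
    default: return 0;
    }
}

/* Flawed pattern: the peer-supplied length is passed to memcpy() unchecked,
 * so any len > PUB_MAX writes past out->data. Shown for contrast only. */
void copy_pubvalue_unchecked(pubvalue_buf_t *out, const uint8_t *in, size_t len)
{
    out->size = (uint32_t)len;
    memcpy(out->data, in, len);
}

/* Hardened pattern: copy only if len matches the group and fits the buffer. */
bool copy_pubvalue_checked(pubvalue_buf_t *out, uint16_t group,
                           const uint8_t *in, size_t len)
{
    size_t want = dh_expected_len(group);
    if (!out || !in || want == 0 || len != want || len > sizeof(out->data))
        return false;
    memcpy(out->data, in, len);
    out->size = (uint32_t)len;
    return true;
}

int main(void)
{
    uint8_t peer[600] = {0}; /* constructed oversized "public value" */
    pubvalue_buf_t buf;
    /* exit status 0 when the oversized value is rejected */
    return copy_pubvalue_checked(&buf, 14, peer, sizeof(peer)) ? 1 : 0;
}
```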
OCSP Responder Utility
Two sources are currently available: the openxpki plugin, which directly accesses an OpenXPKI database, and the command's --index argument, which reads certificate status information from OpenSSL-style
Automated Certificate Enrollment and Renewal
The new cert-enroll script handles the initial enrollment of an X.509 host certificate with a PKI server via the EST or SCEP protocols. It's based on the corresponding pki --est|estca and pki --scep|scepca commands and has been tested extensively with an OpenXPKI server.
Run as a systemd timer or via a crontab entry, the script checks the expiration date of the host certificate daily. When a given deadline is reached, the host certificate is automatically renewed via EST or SCEP re-enrollment based on the possession of the old private key and the matching certificate.
Other Notable Features and Fixes
- Loading of certificates with ECDSA public keys that explicitly encode the curve parameters is rejected by crypto plugins if possible.
- charon-cmd allows the use of any type of private key (previously, only RSA keys were supported).
- The openssl plugin now supports the nameConstraints extension in X.509 certificates and iPAddress are now supported by the x509, openssl and constraints plugins.
- Support for encoding subjectAlternativeName extensions of type uniformResourceIdentifier in X.509 certificates has been added via the uri: prefix (e.g. for URNs).
- Support for password-less PKCS#12 and PKCS#8 files has been added.
- The NetworkManager plugin (charon-nm) now actually uses the XFRM interface it creates since 5.9.10. The name of that interface can now also be controlled via the connection.interface-name setting in the
- The resolve plugin tries to maintain the order of DNS servers it installs via
- The kernel-libipsec plugin now always installs routes to remote networks even if no address is found in the local traffic selectors, which allows forwarding traffic from networks the VPN host is not part of.
- Fixed issues while reestablishing multiple CHILD_SAs (e.g. after a DPD timeout) that could cause a reqid to get assigned to multiple CHILD_SAs with unrelated traffic selectors.
- Fixed an issue in watcher_t with handling errors on sockets (e.g. if the receive buffer is full), which caused an infinite loop if
- Fixed an issue in the IKE_SA_INIT tracking code that was added with 5.9.6, which did not correctly untrack invalid messages with non-zero message IDs or SPIs.
- Fixed a regression introduced with 5.9.8 when handling IKE redirects during IKE_AUTH.
- Fixed the encoding of the CHILD_SA_NOT_FOUND notify if a CHILD_SA is not found during rekeying. It was previously empty; it now contains the SPI and sets the protocol to the values received in the REKEY_SA notify.