Libreswan 3.22 < 4.15 / 5.0rc1 < 5.0 DoS

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193875);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/26");

  script_cve_id("CVE-2024-3652");
  script_xref(name:"IAVA", value:"2024-A-0255");

  script_name(english:"Libreswan 3.22 < 4.15 / 5.0rc1 < 5.0 DoS");

  script_set_attribute(attribute:"synopsis", value:
"The version of Libreswan installed on the remote host is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Libreswan installed on the remote host is between 3.22 and 4.14, or a 5.0 release candidate prior to 5.0
. It is, therefore, affected by a denial of service (DoS) vulnerability. The Libreswan Project was notified of an issue 
causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, 
libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not
affected.

Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://libreswan.org/security/CVE-2024-3652/CVE-2024-3652.txt");
  script_set_attribute(attribute:"see_also", value:"https://libreswan.org/security/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Libreswan version 4.15, 5.0 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-3652");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:libreswan:libreswan");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("libreswan_nix_installed.nbin");
  script_require_keys("installed_sw/Libreswan");

  exit(0);
}

include('vcf.inc');

var app = 'Libreswan';

var app_info = vcf::get_app_info(app:app);
vcf::check_all_backporting(app_info:app_info);

var constraints = [
  { 'min_version': '3.22', 'fixed_version' : '4.15'},
  { 'min_version': '5.0rc1', 'fixed_version' : '5.0'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);