A DoS vulnerability triggered by crafted IKEv1 fragmentation payloads was discovered in strongSwan's IKE daemon charon. All versions since 5.0.2 are affected.
One of our users privately reported a DoS vulnerability in strongSwan's IKE daemon charon (CVE-2013-6076). Affected are strongSwan versions 5.0.2 and newer, up to 5.1.0.
The bug can be triggered by a crafted IKEv1 fragmentation payload and is caused by a NULL pointer dereference. If the daemon has any IKEv1 or mixed connections configured, a crafted payload can result in a crash of the IKE daemon. Using the flaw for attacks other than DoS, such as code injection, is not possible.
Many thanks to Volker Rümelin for reporting the issue responsibly and providing an appropriate fix.
The just-released strongSwan 5.1.1 fixes this vulnerability. For older releases we provide a patch that fixes the vulnerability in versions 5.0.2 and newer and should apply to all affected versions.