From a24567fbc43f221b14e805f9bc0b7c6d16911c46 Mon Sep 17 00:00:00 2001 From: Alex Legler Date: Sun, 8 Mar 2015 22:02:38 +0100 Subject: Import existing advisories --- glsa-200905-03.xml | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 glsa-200905-03.xml (limited to 'glsa-200905-03.xml') diff --git a/glsa-200905-03.xml b/glsa-200905-03.xml new file mode 100644 index 00000000..c07b5fa0 --- /dev/null +++ b/glsa-200905-03.xml @@ -0,0 +1,78 @@ + + + + + + + IPSec Tools: Denial of Service + + Multiple errors in the IPSec Tools racoon daemon might allow remote + attackers to cause a Denial of Service. + + ipsec-tools + May 24, 2009 + May 24, 2009: 01 + 267135 + remote + + + 0.7.2 + 0.7.2 + + + +

+ The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 + IPsec implementation. They include racoon, an Internet Key Exchange + daemon for automatically keying IPsec connections. +

+ + +

+ The following vulnerabilities have been found in the racoon daemon as + shipped with IPSec Tools: +

+
    +
  • Neil Kettle reported that + racoon/isakmp_frag.c is prone to a null-pointer dereference + (CVE-2009-1574).
    • +
  • Multiple memory leaks exist in (1) the + eay_check_x509sign() function in racoon/crypto_openssl.c and (2) + racoon/nattraversal.c (CVE-2009-1632).
    • +
+ + +

+ A remote attacker could send specially crafted fragmented ISAKMP + packets without a payload or exploit vectors related to X.509 + certificate authentication and NAT traversal, possibly resulting in a + crash of the racoon daemon. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All IPSec Tools users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2" + + + CVE-2009-1574 + CVE-2009-1632 + + + craig + + + a3li + + + rbu + + -- cgit v1.2.3-65-gdbad