Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service.
|Package||net-firewall/ipsec-tools on all architectures|
|Affected versions||< 0.7.2|
|Unaffected versions||>= 0.7.2|
The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections.
The following vulnerabilities have been found in the racoon daemon as shipped with IPSec Tools:
A remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon.
There is no known workaround at this time.
All IPSec Tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2"
May 24, 2009
May 24, 2009: 01