IPSec Tools: Denial of Service — GLSA 200905-03

Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service.

Affected Packages

net-firewall/ipsec-tools on all architectures
Affected versions < 0.7.2
Unaffected versions >= 0.7.2

Background

The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections.

Description

The following vulnerabilities have been found in the racoon daemon as shipped with IPSec Tools:

  • Neil Kettle reported that racoon/isakmp_frag.c is prone to a null-pointer dereference (CVE-2009-1574).
  • Multiple memory leaks exist in (1) the eay_check_x509sign() function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c (CVE-2009-1632).

Impact

A remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon.

Workaround

There is no known workaround at this time.

Resolution

All IPSec Tools users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2"

References

Release Date
May 24, 2009

Latest Revision
May 24, 2009: 01

Severity
normal

Exploitable
remote

Bugzilla entries