Vulnerabilities > CVE-2007-1841 - Remote Denial Of Service vulnerability in IPSec-Tools
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_IPSEC-TOOLS-3099.NASL description A bug in the IKE daemon last seen 2020-06-01 modified 2020-06-02 plugin id 29466 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29466 title SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 3099) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29466); script_version ("1.11"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-1841"); script_name(english:"SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 3099)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A bug in the IKE daemon 'racoon' allowed remote attackers shut down established tunnels. (CVE-2007-1841)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1841.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 3099."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:0, reference:"ipsec-tools-0.6.5-10.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Fedora Local Security Checks NASL id FEDORA_2007-665.NASL description - Mon Apr 23 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-8 - Upstream fix for Racoon DOS, informational delete must be encrypted - Resolves: rhbz#235388 - CVE-2007-1841 ipsec-tools racoon DoS - Fri Apr 20 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-7 - Resolves: #218386 labeled ipsec does not work over loopback - Mon Apr 16 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.6 - Related: #232508 add auditing to racoon - Sat Apr 14 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.5 - Resolves: #235680 racoon socket descriptor exhaustion - Thu Apr 12 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.4 - Resolves: #236121 increase buffer for context - Tue Apr 10 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.3 - Resolves: #234491 kernel sends ACQUIRES that racoon is not catching - Resolves: #218386 labeled ipsec does not work over loopback - Tue Mar 20 2007 Harald Hoyer <harald at redhat.com> - 0.6.5-6.2.fc6 - fix for setting the security context into a proposal (32<->64bit) - Resolves: rhbz#232508 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25939 published 2007-08-28 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25939 title Fedora Core 6 : ipsec-tools-0.6.5-8.fc6 (2007-665) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-665. # include("compat.inc"); if (description) { script_id(25939); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_xref(name:"FEDORA", value:"2007-665"); script_name(english:"Fedora Core 6 : ipsec-tools-0.6.5-8.fc6 (2007-665)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Apr 23 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-8 - Upstream fix for Racoon DOS, informational delete must be encrypted - Resolves: rhbz#235388 - CVE-2007-1841 ipsec-tools racoon DoS - Fri Apr 20 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-7 - Resolves: #218386 labeled ipsec does not work over loopback - Mon Apr 16 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.6 - Related: #232508 add auditing to racoon - Sat Apr 14 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.5 - Resolves: #235680 racoon socket descriptor exhaustion - Thu Apr 12 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.4 - Resolves: #236121 increase buffer for context - Tue Apr 10 2007 Steve Grubb <sgrubb at redhat.com> - 0.6.5-6.3 - Resolves: #234491 kernel sends ACQUIRES that racoon is not catching - Resolves: #218386 labeled ipsec does not work over loopback - Tue Mar 20 2007 Harald Hoyer <harald at redhat.com> - 0.6.5-6.2.fc6 - fix for setting the security context into a proposal (32<->64bit) - Resolves: rhbz#232508 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-August/003416.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f7f92fcd" ); script_set_attribute( attribute:"solution", value: "Update the affected ipsec-tools and / or ipsec-tools-debuginfo packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ipsec-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ipsec-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6"); script_set_attribute(attribute:"patch_publication_date", value:"2007/08/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC6", reference:"ipsec-tools-0.6.5-8.fc6")) flag++; if (rpm_check(release:"FC6", reference:"ipsec-tools-debuginfo-0.6.5-8.fc6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools / ipsec-tools-debuginfo"); }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-084.NASL description The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service (tunnel crash) via crafted DELTE and NOTIFY messages. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25062 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25062 title Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2007:084) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:084. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(25062); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2007-1841"); script_xref(name:"MDKSA", value:"2007:084"); script_name(english:"Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2007:084)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service (tunnel crash) via crafted DELTE and NOTIFY messages. Updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ipsec-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ipsec0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64ipsec0-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libipsec0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libipsec0-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"ipsec-tools-0.6.6-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64ipsec0-0.6.6-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64ipsec0-devel-0.6.6-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libipsec0-0.6.6-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libipsec0-devel-0.6.6-2.1mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"ipsec-tools-0.6.6-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64ipsec0-0.6.6-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"x86_64", reference:"lib64ipsec0-devel-0.6.6-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libipsec0-0.6.6-2.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", cpu:"i386", reference:"libipsec0-devel-0.6.6-2.1mdv2007.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE9_11491.NASL description A bug in the IKE daemon last seen 2020-06-01 modified 2020-06-02 plugin id 41125 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41125 title SuSE9 Security Update : ipsec-tools (YOU Patch Number 11491) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41125); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-1841"); script_name(english:"SuSE9 Security Update : ipsec-tools (YOU Patch Number 11491)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 9 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "A bug in the IKE daemon 'racoon' allowed remote attackers shut down established tunnels. (CVE-2007-1841)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-1841.html" ); script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11491."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SUSE9", reference:"ipsec-tools-0.3.3-1.12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_NOVELL-IPSEC-TOOLS-4655.NASL description This update fixes a security problem in novell-ipsec-tools : CVE-2007-1841: Fix a DoS in isakmp_info_recv and also a non-security bug with a crash in GSSAPI. last seen 2020-06-01 modified 2020-06-02 plugin id 30016 published 2008-01-18 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/30016 title openSUSE 10 Security Update : novell-ipsec-tools (novell-ipsec-tools-4655) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200705-09.NASL description The remote host is affected by the vulnerability described in GLSA-200705-09 (IPsec-Tools: Denial of Service) The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) packets are encrypted. Impact : A remote attacker could send a specially crafted IPsec message to one of the two peers during the beginning of phase 1, resulting in the termination of the IPsec exchange. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25186 published 2007-05-10 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25186 title GLSA-200705-09 : IPsec-Tools: Denial of Service NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1299.NASL description It was discovered that a specially crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. The oldstable distribution (sarge) isn last seen 2020-06-01 modified 2020-06-02 plugin id 25455 published 2007-06-08 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25455 title Debian DSA-1299-1 : ipsec-tools - missing input sanitising NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0342.NASL description Updated ipsec-tools packages that fix a denial of service flaw in racoon are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. It was possible for a remote attacker, with knowledge of an existing ipsec tunnel, to terminate the ipsec connection between two machines. (CVE-2007-1841) Users of ipsec-tools should upgrade to these updated packages, which contain a backported patch that resolves this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25330 published 2007-05-25 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25330 title RHEL 5 : ipsec-tools (RHSA-2007:0342) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-450-1.NASL description A flaw was discovered in the IPSec key exchange server last seen 2020-06-01 modified 2020-06-02 plugin id 28047 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28047 title Ubuntu 5.10 / 6.06 LTS / 6.10 : ipsec-tools vulnerability (USN-450-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0342.NASL description Updated ipsec-tools packages that fix a denial of service flaw in racoon are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. It was possible for a remote attacker, with knowledge of an existing ipsec tunnel, to terminate the ipsec connection between two machines. (CVE-2007-1841) Users of ipsec-tools should upgrade to these updated packages, which contain a backported patch that resolves this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 43640 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43640 title CentOS 5 : ipsec-tools (CESA-2007:0342) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0342.NASL description From Red Hat Security Advisory 2007:0342 : Updated ipsec-tools packages that fix a denial of service flaw in racoon are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. It was possible for a remote attacker, with knowledge of an existing ipsec tunnel, to terminate the ipsec connection between two machines. (CVE-2007-1841) Users of ipsec-tools should upgrade to these updated packages, which contain a backported patch that resolves this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67490 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67490 title Oracle Linux 5 : ipsec-tools (ELSA-2007-0342) NASL family Scientific Linux Local Security Checks NASL id SL_20070517_IPSEC_TOOLS_ON_SL5_X.NASL description A denial of service flaw was found in the ipsec-tools racoon daemon. It was possible for a remote attacker, with knowledge of an existing ipsec tunnel, to terminate the ipsec connection between two machines. (CVE-2007-1841) last seen 2020-06-01 modified 2020-06-02 plugin id 60183 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60183 title Scientific Linux Security Update : ipsec-tools on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_IPSEC-TOOLS-3098.NASL description A bug in the IKE daemon last seen 2020-06-01 modified 2020-06-02 plugin id 27273 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27273 title openSUSE 10 Security Update : ipsec-tools (ipsec-tools-3098)
Oval
accepted | 2013-04-29T04:06:14.106-04:00 | ||||||||||||
class | vulnerability | ||||||||||||
contributors |
| ||||||||||||
definition_extensions |
| ||||||||||||
description | The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages. | ||||||||||||
family | unix | ||||||||||||
id | oval:org.mitre.oval:def:10504 | ||||||||||||
status | accepted | ||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
title | The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages. | ||||||||||||
version | 18 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://secunia.com/advisories/24815
- http://secunia.com/advisories/24826
- http://secunia.com/advisories/24833
- http://secunia.com/advisories/25072
- http://secunia.com/advisories/25142
- http://secunia.com/advisories/25322
- http://secunia.com/advisories/25560
- http://security.gentoo.org/glsa/glsa-200705-09.xml
- http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc
- http://sourceforge.net/project/shownotes.php?release_id=499192&group_id=74601
- http://www.debian.org/security/2007/dsa-1299
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:084
- http://www.novell.com/linux/security/advisories/2007_8_sr.html
- http://www.securityfocus.com/bid/23394
- http://www.securitytracker.com/id?1018086
- http://www.ubuntu.com/usn/usn-450-1
- http://www.vupen.com/english/advisories/2007/1310
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33541
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10504
- https://rhn.redhat.com/errata/RHSA-2007-0342.html