CVE-2008-3652 - Unspecified vulnerability in Ipsec-Tools
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
ipsec-tools
nessus
Summary
src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-9007.NASL |
description | The update fixes memory leaks potentially leading to DoS (CVE-2008-3651 CVE-2008-3652). It also fixes problems with DPD and NAT-T support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34710 |
published | 2008-11-07 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34710 |
title | Fedora 9 : ipsec-tools-0.7.1-5.fc9 (2008-9007) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-9007.
#

include("compat.inc");

if (description)
{
  script_id(34710);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:28");

  script_cve_id("CVE-2008-3651", "CVE-2008-3652");
  script_bugtraq_id(30657);
  script_xref(name:"FEDORA", value:"2008-9007");

  script_name(english:"Fedora 9 : ipsec-tools-0.7.1-5.fc9 (2008-9007)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "The update fixes memory leaks potentially leading to DoS (CVE-2008-3651 CVE-2008-3652). It also fixes problems with DPD and NAT-T support. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=456660"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=458846"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/015996.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?498c0778"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ipsec-tools package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ipsec-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/11/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/11/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC9", reference:"ipsec-tools-0.7.1-5.fc9")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools");
}
```

NASL family | SuSE Local Security Checks |
NASL id | SUSE_IPSEC-TOOLS-5630.NASL |
description | Remote attackers could exploit memory leaks in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34739 |
published | 2008-11-11 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34739 |
title | openSUSE 10 Security Update : ipsec-tools (ipsec-tools-5630) |

NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_ABCACB5AE7F111DDAFCD00E0815B8DA8.NASL |
description | SecurityFocus reports : IPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets. A successful attack allows a remote attacker to crash the software, denying further service to legitimate users. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35442 |
published | 2009-01-22 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/35442 |
title | FreeBSD : ipset-tools -- Denial of Service Vulnerabilities (abcacb5a-e7f1-11dd-afcd-00e0815b8da8) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2008-0849.NASL |
description | From Red Hat Security Advisory 2008:0849 : An updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652) Users of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67741 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67741 |
title | Oracle Linux 3 / 4 / 5 : ipsec-tools (ELSA-2008-0849) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2008-9016.NASL |
description | The update fixes memory leaks potentially leading to DoS (CVE-2008-3651 CVE-2008-3652). It also fixes problems with DPD and NAT-T support. This has been in rawhide for a while, with no bad reports. It improves remote-access client connection to Cisco ASA. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34711 |
published | 2008-11-07 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34711 |
title | Fedora 8 : ipsec-tools-0.7.1-5.fc8 (2008-9016) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_IPSEC-TOOLS-080925.NASL |
description | Remote attackers could exploit memory leaks in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 39992 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/39992 |
title | openSUSE Security Update : ipsec-tools (ipsec-tools-223) |

NASL family | OracleVM Local Security Checks |
NASL id | ORACLEVM_OVMSA-2009-0010.NASL |
description | The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1574 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. CVE-2009-1632 Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. CVE-2008-3651 Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. CVE-2008-3652 src/racoon/handler.c in racoon in ipsec-tools does not remove an |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79457 |
published | 2014-11-26 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/79457 |
title | OracleVM 2.1 : ipsec-tools (OVMSA-2009-0010) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2008-0849.NASL |
description | An updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652) Users of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34052 |
published | 2008-08-27 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34052 |
title | CentOS 3 / 4 / 5 : ipsec-tools (CESA-2008:0849) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_0_NOVELL-IPSEC-TOOLS-081220.NASL |
description | Remote attackers could exploit memory leaks in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40080 |
published | 2009-07-21 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40080 |
title | openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-389) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_NOVELL-IPSEC-TOOLS-5887.NASL |
description | Remote attackers could exploit memory leaks in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35680 |
published | 2009-02-13 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35680 |
title | openSUSE 10 Security Update : novell-ipsec-tools (novell-ipsec-tools-5887) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_12259.NASL |
description | Remote attackers could exploit memory leaks in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41246 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41246 |
title | SuSE9 Security Update : ipsec-tools (YOU Patch Number 12259) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_IPSEC-TOOLS-5638.NASL |
description | Remote attackers could exploit memory leaks in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34740 |
published | 2008-11-11 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/34740 |
title | SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 5638) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20080826_IPSEC_TOOLS_ON_SL3_X.NASL |
description | Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60468 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60468 |
title | Scientific Linux Security Update : ipsec-tools on SL3.x, SL4.x, SL5.x i386/x86_64 |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-641-1.NASL |
description | It was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets. If a remote attacker sent repeated malicious requests, the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34116 |
published | 2008-09-09 |
reporter | Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34116 |
title | Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ipsec-tools vulnerabilities (USN-641-1) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2008-181.NASL |
description | Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory (CVE-2008-3651, CVE-2008-3652). The updated packages have been patched to prevent these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37703 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/37703 |
title | Mandriva Linux Security Advisory : ipsec-tools (MDVSA-2008:181) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2008-0849.NASL |
description | An updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652) Users of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 34054 |
published | 2008-08-27 |
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/34054 |
title | RHEL 3 / 4 / 5 : ipsec-tools (RHSA-2008:0849) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_10_5_7.NASL |
description | The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38744 |
published | 2009-05-13 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38744 |
title | Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200812-03.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200812-03 (IPsec-Tools: racoon Denial of Service) Two Denial of Service vulnerabilities have been reported in racoon: The vendor reported a memory leak in racoon/proposal.c that can be triggered via invalid proposals (CVE-2008-3651). Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not remove an |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 35020 |
published | 2008-12-03 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/35020 |
title | GLSA-200812-03 : IPsec-Tools: racoon Denial of Service |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_NOVELL-IPSEC-TOOLS-5888.NASL |
description | Remote attackers could exploit memory leaks in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 51758 |
published | 2011-01-27 |
reporter | This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/51758 |
title | SuSE 10 Security Update : novell-ipsec (ZYPP Patch Number 5888) |

NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SECUPD2009-002.NASL |
description | The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 38743 |
published | 2009-05-13 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/38743 |
title | Mac OS X Multiple Vulnerabilities (Security Update 2009-002) |

Oval
accepted | 2013-04-29T04:05:46.995-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). |
family | unix |
id | oval:org.mitre.oval:def:10448 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). |
version | 27 |
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 30657 CVE(CAN) ID: CVE-2008-3651, CVE-2008-3652 IPsec-Tools is a port of KAME's IPsec utilities to the Linux platform. In the racoon daemon of ipsec-tools, src/racoon/handler.c does not remove remotely initiated orphaned ph1 handles, and racoon/proposal.c contains a memory leak. If a remote attacker sends invalid request packets, all available memory may be exhausted. IPsec-Tools < 0.7.1 RedHat ------ RedHat has released a security advisory (RHSA-2008:0849-01) and corresponding patches for this issue: RHSA-2008:0849-01: Important: ipsec-tools security update Link: https://www.redhat.com/support/errata/RHSA-2008-0849.html Gentoo ------ Gentoo has released a security advisory (GLSA-200812-03) and corresponding patches for this issue: GLSA-200812-03: IPsec-Tools: racoon Denial of Service Link: http://security.gentoo.org/glsa/glsa-200812-03.xml All IPsec-Tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=net-firewall/ipsec-tools-0.7.1" |
id | SSV:4522 |
last seen | 2017-11-19 |
modified | 2008-12-05 |
published | 2008-12-05 |
reporter | Root |
title | IPsec-Tools Multiple Remote Denial of Service Vulnerabilities |
References
- http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
- http://secunia.com/advisories/31478
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:181
- http://www.redhat.com/support/errata/RHSA-2008-0849.html
- http://www.securityfocus.com/bid/30657
- http://secunia.com/advisories/31624
- http://www.ubuntu.com/usn/usn-641-1
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
- http://secunia.com/advisories/32759
- http://www.securitytracker.com/id?1020692
- http://secunia.com/advisories/32971
- http://security.gentoo.org/glsa/glsa-200812-03.xml
- http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://www.vupen.com/english/advisories/2009/1297
- http://secunia.com/advisories/35074
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://support.apple.com/kb/HT3549
- http://support.apple.com/kb/HT3639
- http://www.vupen.com/english/advisories/2009/1621
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://www.vupen.com/english/advisories/2008/2844
- http://www.vupen.com/english/advisories/2008/2378
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44424
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10448