Vulnerabilities > CVE-2009-1632 - Resource Management Errors vulnerability in Ipsec-Tools
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Summary
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities. CVE-2009-1632. Dos exploits for multiple platform |
id | EDB-ID:10014 |
last seen | 2016-02-01 |
modified | 2009-11-09 |
published | 2009-11-09 |
reporter | mu-b |
source | https://www.exploit-db.com/download/10014/ |
title | IPsec-Tools < 0.7.2 - Multiple Remote Denial of Service Vulnerabilities |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-006.NASL description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42433 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42433 title Mac OS X Multiple Vulnerabilities (Security Update 2009-006) code
#
# (C) Tenable Network Security, Inc.
#
# Purpose: local check (plugin_type is set to "local" below) that reports a
# host whose Darwin kernel version is 9.0.x-9.8.x and whose package BOM list
# shows neither Security Update 2009-006 nor a later Apple security update.
# It works only from cached KB items ("Host/uname",
# "Host/MacOSX/packages/boms"); presumably ssh_get_info.nasl populates
# them -- confirm.
#
# NOTE(review): the severity metadata declared below (CVSS2 base vector
# C:C/I:C/A:C, exploit_available, exploited_by_malware) is set once for the
# whole update, which lists 43 CVE ids. Do not read it as the rating of
# CVE-2009-1632 alone: the CVE summary at the top of this page lists
# confidentiality and integrity impact NONE and availability impact PARTIAL.
#
# NOTE(review): the result is package-presence evidence only. Nothing here
# inspects the racoon binary or a running racoon process.

# Stop silently when the engine lacks bn_random() or is below NASL level 3000.
# presumably a proxy for "engine too old for this check" -- confirm.
if (!defined_func("bn_random")) exit(0);
if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

# Metadata registration: this branch runs only when `description` is set and
# ends with exit(0), so no KB item is read while the plugin is being described.
if (description)
{
  script_id(42433);
  script_version("1.27");

  # CVE-2009-1632 is one entry in this bundle; the plugin cannot tell which of
  # the listed issues a given host is actually exposed to.
  script_cve_id(
    "CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161",
    "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574",
    "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955",
    "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411",
    "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666",
    "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820",
    "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826",
    "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831",
    "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837",
    "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111",
    "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293"
  );
  script_bugtraq_id(
    26245, 27778, 34663, 35115, 35221, 35251, 35565, 35623, 35888, 35983,
    36263, 36449, 36959, 36961, 36962, 36963, 36964, 36966, 36967, 36972,
    36973, 36975, 36977, 36978, 36979, 36982, 36985, 36988, 36990
  );

  script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
  script_summary(english:"Check for the presence of Security Update 2009-006");

  script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." );
  script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion" );
  script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3937" );
  script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" );
  script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/18255" );
  script_set_attribute( attribute:"solution", value:"Install Security Update 2009-006 or later." );

  # Bundle-wide severity and exploitability attributes (see NOTE(review) above).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
  script_cvs_date("Date: 2018/07/16 12:48:31");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  # Declared prerequisites. The check below reads "Host/MacOSX/packages/boms",
  # which is not in this list, and handles its absence itself.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/MacOSX/packages", "Host/uname");
  exit(0);
}

# Every exit(1, ...) below ends the check with a message and without a
# finding, so "no report" from this plugin does not by itself mean "patched".
uname = get_kb_item("Host/uname");
if (!uname) exit(1, "The 'Host/uname' KB item is missing.");

# Capture the dotted version number that follows "Darwin" in the uname string.
pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");

darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);

# Only Darwin 9.0.x through 9.8.x is examined; any other version falls
# through to the final else branch and is declared not affected.
if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin))
{
  packages = get_kb_item("Host/MacOSX/packages/boms");
  if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");

  # A BOM named com.apple.pkg.update.security.2009.006 through .009, or any
  # security update numbered for 2010-2099, counts as patched.
  if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
    exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");
  else
    security_hole(0);
}
else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not 
affected.");
NASL family SuSE Local Security Checks NASL id SUSE_11_1_NOVELL-IPSEC-TOOLS-090616.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 40283 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40283 title openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update novell-ipsec-tools-1007.
#
# The text description of this plugin is (C) SUSE LLC.
#
# Purpose: local package check for openSUSE 11.1. It raises a warning when
# rpm_check() flags novell-ipsec-tools or novell-ipsec-tools-devel against
# the reference build 0.7.1-2.5.1, and audits out otherwise.
#
# NOTE(review): the reference package is still versioned 0.7.1, while the
# CVE text on this page says "before 0.7.2". An inventory that compares only
# upstream version numbers would misjudge this package; presumably the fix
# ships as a distribution patch -- confirm against the SUSE advisory.
#
# NOTE(review): only the cached RPM list is consulted. The check cannot tell
# whether a running racoon process was restarted after the update; the Red Hat
# advisory text on this page states that a restart is required there.

include("compat.inc");

# Metadata registration: runs only when `description` is set and ends with
# exit(0) before any KB item is read.
if (description)
{
  script_id(40283);
  script_version("1.11");
  script_cvs_date("Date: 2019/10/25 13:36:35");

  script_cve_id("CVE-2009-1574", "CVE-2009-1632");

  script_name(english:"openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007)");
  script_summary(english:"Check for the novell-ipsec-tools-1007 patch");

  script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." );
  script_set_attribute( attribute:"description", value: "This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)" );
  script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=498859" );
  script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=504186" );
  script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=506710" );
  script_set_attribute( attribute:"solution", value:"Update the affected novell-ipsec-tools packages." );

  # One vector for both listed CVEs: network-reachable, no authentication,
  # availability impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:novell-ipsec-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:novell-ipsec-tools-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions. Each failed test calls audit() with a reason code, so the
# plugin reports why it did not evaluate the host instead of reporting a
# finding.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Release strings beginning with SLED or SLES are treated as "not openSUSE";
# anything other than exactly SUSE11.1 is the wrong release for this plugin.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only i586, i686 and x86_64 hosts are evaluated.
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# flag counts the packages that rpm_check() reports. rpm_check() comes from
# rpm.inc and is not shown here; presumably it returns true when the installed
# package is older than the reference -- confirm.
flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"novell-ipsec-tools-0.7.1-2.5.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"novell-ipsec-tools-devel-0.7.1-2.5.1") ) flag++;

if (flag)
{
  # Attach the RPM comparison report when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # No package flagged: distinguish "tested and not affected" from
  # "package not installed" using the list pkg_tests_get() returns.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "novell-ipsec-tools");
}
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200905-03.NASL description The remote host is affected by the vulnerability described in GLSA-200905-03 (IPSec Tools: Denial of Service) The following vulnerabilities have been found in the racoon daemon as shipped with IPSec Tools: Neil Kettle reported that racoon/isakmp_frag.c is prone to a NULL pointer dereference (CVE-2009-1574). Multiple memory leaks exist in (1) the eay_check_x509sign() function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c (CVE-2009-1632). Impact : A remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 38884 published 2009-05-26 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/38884 title GLSA-200905-03 : IPSec Tools: Denial of Service NASL family SuSE Local Security Checks NASL id SUSE_11_NOVELL-IPSEC-TOOLS-090616.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 41440 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41440 title SuSE 11 Security Update : Novell ipsec tools (SAT Patch Number 1006) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1804.NASL description Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1574 Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets that contain no payload. 
This results in the daemon crashing which can be used for denial of service attacks. - CVE-2009-1632 Various memory leaks in the X.509 certificate authentication handling and the NAT-Traversal keepalive implementation can result in memory exhaustion and thus denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 38861 published 2009-05-22 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38861 title Debian DSA-1804-1 : ipsec-tools - NULL pointer dereference, memory leaks NASL family SuSE Local Security Checks NASL id SUSE_11_0_IPSEC-TOOLS-090613.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 39993 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39993 title openSUSE Security Update : ipsec-tools (ipsec-tools-996) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2009-0010.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1574 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. CVE-2009-1632 Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. 
CVE-2008-3651 Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. CVE-2008-3652 src/racoon/handler.c in racoon in ipsec-tools does not remove an last seen 2020-06-01 modified 2020-06-02 plugin id 79457 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79457 title OracleVM 2.1 : ipsec-tools (OVMSA-2009-0010) NASL family SuSE Local Security Checks NASL id SUSE_11_1_IPSEC-TOOLS-090613.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 40233 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40233 title openSUSE Security Update : ipsec-tools (ipsec-tools-996) NASL family MacOS X Local Security Checks NASL id MACOSX_10_6_2.NASL description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion last seen 2020-06-01 modified 2020-06-02 plugin id 42434 published 2009-11-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/42434 title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1036.NASL description An updated ipsec-tools package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users of ipsec-tools should upgrade to this updated package, which contains backported patches to correct these issues. Users must restart the racoon daemon for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 38819 published 2009-05-19 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38819 title RHEL 5 : ipsec-tools (RHSA-2009:1036) NASL family SuSE Local Security Checks NASL id SUSE_11_IPSEC-TOOLS-090613.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 41403 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/41403 title SuSE 11 Security Update : ipsec-tools (SAT Patch Number 998) NASL family Scientific Linux Local Security Checks NASL id SL_20090518_IPSEC_TOOLS_ON_SL5_X.NASL description A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users must restart the racoon daemon for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60585 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60585 title Scientific Linux Security Update : ipsec-tools on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_NOVELL-IPSEC-TOOLS-6306.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 51759 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51759 title SuSE 10 Security Update : Novell ipsec tools (ZYPP Patch Number 6306) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-785-1.NASL description It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. (CVE-2009-1574) It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. 
A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service. (CVE-2009-1632). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39353 published 2009-06-10 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39353 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ipsec-tools vulnerabilities (USN-785-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_NOVELL-IPSEC-TOOLS-090616.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 40081 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40081 title openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007) NASL family SuSE Local Security Checks NASL id SUSE_NOVELL-IPSEC-TOOLS-6307.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 42025 published 2009-10-06 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42025 title openSUSE 10 Security Update : novell-ipsec-tools (novell-ipsec-tools-6307) NASL family SuSE Local Security Checks NASL id SUSE_IPSEC-TOOLS-6302.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 39514 published 2009-06-25 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/39514 title openSUSE 10 Security Update : ipsec-tools (ipsec-tools-6302) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1036.NASL description From Red Hat Security Advisory 2009:1036 : An updated ipsec-tools package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users of ipsec-tools should upgrade to this updated package, which contains backported patches to correct these issues. Users must restart the racoon daemon for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 67859 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67859 title Oracle Linux 5 : ipsec-tools (ELSA-2009-1036) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1036.NASL description An updated ipsec-tools package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. 
A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users of ipsec-tools should upgrade to this updated package, which contains backported patches to correct these issues. Users must restart the racoon daemon for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 43749 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43749 title CentOS 5 : ipsec-tools (CESA-2009:1036) NASL family SuSE Local Security Checks NASL id SUSE_IPSEC-TOOLS-6301.NASL description This update of ipsec-tools fixes a crash of racoon in ISAKMP last seen 2020-06-01 modified 2020-06-02 plugin id 41523 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41523 title SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 6301) NASL family SuSE Local Security Checks NASL id SUSE9_12438.NASL description This update of ipsec-tools fixes multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632) last seen 2020-06-01 modified 2020-06-02 plugin id 41305 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41305 title SuSE9 Security Update : ipsec-tools (YOU Patch Number 12438)
Oval
accepted | 2013-04-29T04:06:51.444-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. |
family | unix |
id | oval:org.mitre.oval:def:10581 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. |
version | 18 |
Redhat
advisories |
rpms |
References
- http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
- http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h
- http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c
- http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://marc.info/?l=oss-security&m=124101704828036&w=2
- http://secunia.com/advisories/35153
- http://secunia.com/advisories/35159
- http://secunia.com/advisories/35212
- http://secunia.com/advisories/35404
- http://secunia.com/advisories/35685
- http://security.gentoo.org/glsa/glsa-200905-03.xml
- http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce
- http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611
- http://support.apple.com/kb/HT3937
- http://www.debian.org/security/2009/dsa-1804
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:114
- http://www.openwall.com/lists/oss-security/2009/05/12/3
- http://www.redhat.com/support/errata/RHSA-2009-1036.html
- http://www.securityfocus.com/bid/34765
- http://www.ubuntu.com/usn/USN-785-1
- http://www.vupen.com/english/advisories/2009/3184
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581
- https://trac.ipsec-tools.net/ticket/303