Gentoo Bug 48847 - ipsec-tools < 0.3.1 contain a remote DoS based using malformed isakmp packets

First Last Prev Next No search results available Search page Enter new bug

Bug#:	48847
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Peter Johanson (RETIRED) <latexer@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 48847 depends on:			Show dependency tree
Bug 48847 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-04-23 21:38 0000

Yet another ipsec-tools issue guys!

Please see CAN-2004-0403.

What: racoon contains an issue with handling of ISAKMP packets. Malformed packets that have an overly large length field can consume system resources, causing a DoS.

Resolution: Upgrade to 0.3.1 which includes a check for overly large length fields.

I've justa added this in ~x86 (no stable version for x86 yet) and have bugged both amd64 and sparc people for testing. Once they've added keywords i'll remove 0.2.5 from the tree. Need anything else from me?

------- Comment #1 From Jason Huebel (RETIRED) 2004-04-23 22:21:12 0000 -------

marked ~amd64

------- Comment #2 From Jason Huebel (RETIRED) 2004-04-23 22:23:03 0000 -------

sorry, re-marked it amd64... :-/

------- Comment #3 From Kurt Lieber 2004-04-23 22:43:05 0000 -------

Draft GLSA is ready for review.  As soon as a couple of other folks from the
security team have reviewed it for accuracy, we'll send it out.

------- Comment #4 From SpanKY 2004-04-23 23:32:02 0000 -------

this reminded me of the fact that iputils-021109 comes packaged with racoon

since ipsec-tools exists to install racoon and such, and we dont know *when* the next upstream release will be of iputils, i've removed racoon from iputils-021109 starting with -r3

not a big deal since the two ebuilds were clobbering each other anyways and thats a no no ;)

------- Comment #5 From Kurt Lieber 2004-04-24 00:03:14 0000 -------

glsa 20040417

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 48847

ipsec-tools < 0.3.1 contain a remote DoS based using malformed isakmp packets

Last modified: 2004-04-24 00:03:14 0000