| Summary: | <net-firewall/ipsec-tools-0.7.2 fragmentation remote DoS (CVE-2009-{1574,1632}) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | dragonheart, maintainer-needed |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611 | ||
| Whiteboard: | B3 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Robert Buchholz (RETIRED)
2009-04-22 18:57:24 UTC
+ipsec-tools-0.7.2.ebuild amd64/x86 stable sparc stable ppc done vote yes for constancy with bug #232831 *** Bug 268841 has been marked as a duplicate of this bug. *** Name: CVE-2009-1574 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. Got rid of the two old vulnerable versions. Voting YES for a GLSA. Yes, too. Request filed. CVE-2009-1632 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1632): Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. GLSA 200905-03 |
