Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 268841

Summary: <net-firewall/ipsec-tools-0.7.2 DoS (CVE-2009-1574)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: minor CC: maintainer-needed
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=497990
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-06 18:57:46 UTC 
CVE-2009-1574 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1574):
  racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
  attackers to cause a denial of service (crash) via crafted fragmented
  packets without a payload, which triggers a NULL pointer dereference.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-06 19:03:47 UTC 
This is just not right.

*** This bug has been marked as a duplicate of bug 267135 ***