Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 48847

Summary: ipsec-tools < 0.3.1 contain a remote DoS based using malformed isakmp packets
Product: Gentoo Security Reporter: Peter Johanson (RETIRED) <latexer>
Component: GLSA ErrorsAssignee: Gentoo Security <security>
Severity: normal CC: sparc
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Package list:
Runtime testing required: ---

Description Peter Johanson (RETIRED) gentoo-dev 2004-04-23 21:38:10 UTC
Yet another ipsec-tools issue guys!

Please see CAN-2004-0403.

What: racoon contains an issue with handling of ISAKMP packets. Malformed packets that have an overly large length field can consume system resources, causing a DoS.

Resolution: Upgrade to 0.3.1 which includes a check for overly large length fields.

I've justa added this in ~x86 (no stable version for x86 yet) and have bugged both amd64 and sparc people for testing. Once they've added keywords i'll remove 0.2.5 from the tree. Need anything else from me?
Comment 1 Jason Huebel (RETIRED) gentoo-dev 2004-04-23 22:21:12 UTC
marked ~amd64
Comment 2 Jason Huebel (RETIRED) gentoo-dev 2004-04-23 22:23:03 UTC
sorry, re-marked it amd64... :-/
Comment 3 Kurt Lieber (RETIRED) gentoo-dev 2004-04-23 22:43:05 UTC
Draft GLSA is ready for review.  As soon as a couple of other folks from the security team have reviewed it for accuracy, we'll send it out.
Comment 4 SpanKY gentoo-dev 2004-04-23 23:32:02 UTC
this reminded me of the fact that iputils-021109 comes packaged with racoon

since ipsec-tools exists to install racoon and such, and we dont know *when* the next upstream release will be of iputils, i've removed racoon from iputils-021109 starting with -r3

not a big deal since the two ebuilds were clobbering each other anyways and thats a no no ;)
Comment 5 Kurt Lieber (RETIRED) gentoo-dev 2004-04-24 00:03:14 UTC
glsa 20040417