|Summary:|ipsec-tools < 0.3.1 contain a remote DoS based using malformed isakmp packets|
|Product:|Gentoo Security|Reporter:|Peter Johanson (RETIRED) <latexer>|
|Component:|GLSA Errors|Assignee:|Gentoo Security <security>|
|Package list:| |Runtime testing required:|---|
Description Peter Johanson (RETIRED) 2004-04-23 21:38:10 UTC
Yet another ipsec-tools issue, guys! Please see CAN-2004-0403.

What: racoon contains an issue with handling of ISAKMP packets. Malformed packets that have an overly large length field can consume system resources, causing a DoS.

Resolution: Upgrade to 0.3.1, which includes a check for overly large length fields.

I've just added this in ~x86 (no stable version for x86 yet) and have bugged both amd64 and sparc people for testing. Once they've added keywords I'll remove 0.2.5 from the tree. Need anything else from me?
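A length check of the kind the description says 0.3.1 adds, written as an added example that is not racoon's or ipsec-tools' own code. The 28-byte header layout follows RFC 2408; the 65535-byte cap, the function names and the sample datagram are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ISAKMP_HDR_LEN 28u    /* fixed ISAKMP header size (RFC 2408) */
#define ISAKMP_LEN_OFF 24u    /* offset of the 32-bit big-endian Length field */
#define ISAKMP_MAX_MSG 65535u /* assumed local cap, not taken from the page */

enum len_status { LEN_OK, LEN_SHORT_HDR, LEN_BELOW_HDR, LEN_TOO_LARGE, LEN_TRUNCATED };

/* Bound the sender-controlled Length field by what was actually received,
 * before any allocation or payload walk relies on it. `received` is the
 * byte count reported by the socket read. */
enum len_status isakmp_check_len(const uint8_t *pkt, size_t received)
{
    if (pkt == NULL || received < ISAKMP_HDR_LEN)
        return LEN_SHORT_HDR;            /* cannot even read the Length field */
    const uint8_t *p = pkt + ISAKMP_LEN_OFF;
    uint32_t declared = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                        ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    if (declared < ISAKMP_HDR_LEN)
        return LEN_BELOW_HDR;            /* shorter than its own header */
    if (declared > ISAKMP_MAX_MSG)
        return LEN_TOO_LARGE;            /* the "overly large" case */
    if (declared > received)
        return LEN_TRUNCATED;            /* claims more bytes than arrived */
    return LEN_OK;
}

/* Constructed sample: a zeroed 64-byte datagram with only Length set. */
enum len_status check_sample(uint32_t declared, size_t received)
{
    uint8_t pkt[64] = {0};
    pkt[24] = (uint8_t)(declared >> 24);
    pkt[25] = (uint8_t)(declared >> 16);
    pkt[26] = (uint8_t)(declared >> 8);
    pkt[27] = (uint8_t)declared;
    return isakmp_check_len(pkt, received <= sizeof pkt ? received : sizeof pkt);
}

int main(void)
{
    printf("honest 64-byte message: %d\n", check_sample(64, 64));
    printf("length 0xFFFFFFFF:      %d\n", check_sample(0xFFFFFFFFu, 64));
    printf("length 4096, 64 sent:   %d\n", check_sample(4096, 64));
    return 0;
}
```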
Comment 1 Jason Huebel (RETIRED) 2004-04-23 22:21:12 UTC
Comment 2 Jason Huebel (RETIRED) 2004-04-23 22:23:03 UTC
sorry, re-marked it amd64... :-/
Comment 3 Kurt Lieber (RETIRED) 2004-04-23 22:43:05 UTC
Draft GLSA is ready for review. As soon as a couple of other folks from the security team have reviewed it for accuracy, we'll send it out.
Comment 4 SpanKY 2004-04-23 23:32:02 UTC
This reminded me of the fact that iputils-021109 comes packaged with racoon. Since ipsec-tools exists to install racoon and such, and we don't know *when* the next upstream release of iputils will be, I've removed racoon from iputils-021109 starting with -r3. Not a big deal since the two ebuilds were clobbering each other anyways and that's a no-no ;)
Comment 5 Kurt Lieber (RETIRED) 2004-04-24 00:03:14 UTC