There is a validation problem in isakmp_parsewoh(). The exploit may not be able to do anything other than cause a malloc error, or, in the worst case, a racoon crash, and it's not certain this could be done without appropriate credentials.
Created attachment 52903
Patch from Yvan VANHULLEBUS.
Discovery credits go to Sebastian Krahmer (SuSE)
Patch is now public @
"Fixed a buffer underrun (CAN-2005-0398)"
latexer, plasmaroo: please bump ipsec-tools with patch.
Koon, I've just committed 0.4-r1 and 0.5-r1 with the changes. Since 0.4 has been in portage for a while, I suggest we target 0.4-r1 for stabilization in the next few days so we can have a stable fixed version.
*** Bug 85307 has been marked as a duplicate of this bug. ***
Arches, please test and mark ipsec-tools-0.4-r1 stable
Kugelfang, plasmaroo, weeve: you marked it stable last time, do you think you can test and mark this one stable as well?
stable on amd64
x86/latexer/plasmaroo: please test and mark ipsec-tools-0.4-r1 stable on x86 if you can.
Marked stable on x86.
Security: GLSA vote needed, I vote YES.
Pre-authentication remote crash -> I vote YES.