IPsec-Tools isakmp_info_recv() Function Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1018086
|
|
SecurityTracker URL: http://securitytracker.com/id?1018086
|
|
CVE Reference: CVE-2007-1841
(Links to External Site)
|
Date: May 18 2007
|
Impact: Denial of service via network
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 0.6.x prior to 0.6.7
|
Description: A vulnerability was reported in IPsec-Tools. A remote user can cause denial of service conditions.
A remote user can send specially crafted data to trigger a flaw in the isakmp_info_recv() function in 'src/racoon/isakmp_inf.c' and
cause the target tunnel to crash. Specially crafted DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) messages sent during
phase 1 can be used to exploit this flaw.
Aaron Sigel from Apple reported this vulnerability.
|
Impact: A remote user can cause tunnels to crash.
|
Solution: The vendor has issued a fixed version (0.6.7).
|
Vendor URL: ipsec-tools.sourceforge.net/ (Links to External Site)
|
Cause: Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any)
|
Reported By: VANHULLEBUS Yvan <vanhu@nohost.nodomain>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: 2007-04-06 12:37
From: VANHULLEBUS Yvan <vanhu@nohost.nodomain>
Subject: [Ipsec-tools-devel] [Security update] Ipsec-tools 0.6.7 released
|
Hi all.
Ipsec-tools 0.6.7 is out, with a fix for a Denial of Service reported
by Apple team, which is quite easy to exploit (CVE-2007-1841).
Everybody using any 0.6.x is advised to upgrade quickly to this
version !
This version also includes a better SHA256 detection on some systems.
Archive is available here
http://prdownloads.sourceforge.net/ipsec-tools/ipsec-tools-0.6.7.tar.bz2
and here
ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.6.7/ipsec-tools-0.6.7.tar.bz2
(please have a look at http://www.netbsd.org/mirrors/#ftp).
Yvan, ipsec-tools developer team.
|
|
