Gentoo Archives: gentoo-announce

From: Matthias Geerdsen <vorlon@g.o>
To: gentoo-announce@××××××××××××.org
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200503-33 ] IPsec-Tools: racoon Denial of Service
Date: Fri, 25 Mar 2005 18:25:16
Message-Id: 20050325182513.GA29484@kosh.atw.wh.local
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-33
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: IPsec-Tools: racoon Denial of Service
      Date: March 25, 2005
      Bugs: #84479
        ID: 200503-33

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

IPsec-Tools' racoon is affected by a remote Denial of Service
vulnerability.

Background
==========

IPsec-Tools is a port of KAME's implementation of the IPsec utilities.
It contains a collection of network monitoring tools, including racoon,
ping, and ping6.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /  Vulnerable  /             Unaffected
    -------------------------------------------------------------------
  1  net-firewall/ipsec-tools      < 0.5-r1                 *>= 0.4-r1
                                                             >= 0.5-r1
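
Added example, not part of the advisory: a Python check that applies the
version ranges from the table above to a list of installed
net-firewall/ipsec-tools versions. It reads "*>= 0.4-r1" as a revision-only
match (version 0.4 at revision r1 or later), which is an assumption; the host
names and inventory are constructed.

```python
import re

# Ranges copied from the "Affected packages" table of GLSA 200503-33.
VULNERABLE_BELOW = "0.5-r1"     # "< 0.5-r1"
UNAFFECTED_SAME_VER = "0.4-r1"  # "*>= 0.4-r1" (assumed: version 0.4, revision >= r1)

# Plain dotted versions with an optional -rN revision; suffixes such as
# _rc1 or _p2 are deliberately rejected rather than guessed at.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse(version):
    """Return ((major, minor, ...), revision) for e.g. '0.5-r1'."""
    m = _VERSION.match(version.strip())
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def is_vulnerable(installed):
    """True if `installed` falls in the advisory's vulnerable range."""
    base, rev = parse(installed)
    fixed_base, fixed_rev = parse(UNAFFECTED_SAME_VER)
    if base == fixed_base and rev >= fixed_rev:
        return False                      # patched revision of the 0.4 line
    return (base, rev) < parse(VULNERABLE_BELOW)


def audit(inventory):
    """Map host -> 'vulnerable' | 'unaffected' | 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "vulnerable" if is_vulnerable(version) else "unaffected"
        except ValueError:
            result[host] = "unknown"      # needs a manual look
    return result


if __name__ == "__main__":
    # Constructed inventory: hypothetical hosts and installed versions.
    sample = {"vpn-gw1": "0.4", "vpn-gw2": "0.4-r1", "vpn-gw3": "0.5",
              "vpn-gw4": "0.5-r1", "vpn-gw5": "0.5_rc1"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```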

Description
===========

Sebastian Krahmer has reported a potential remote Denial of Service
vulnerability in the ISAKMP header parsing code of racoon.

Impact
======

An attacker could possibly cause a Denial of Service of racoon using a
specially crafted ISAKMP packet.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All IPsec-Tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.4-r1"

References
==========

  [ 1 ] CAN-2005-0398
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0398
  [ 2 ] ipsec-tools-devel posting
        http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-33.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0