(IPSec-Tools Issues Fix) Racoon Input Validation Error in ISAKMP Generic Header Length Field Lets Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1013547 |
|
SecurityTracker URL: http://securitytracker.com/id/1013547
|
|
CVE Reference:
CAN-2005-0398
(Links to External Site)
|
Date: Mar 24 2005
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 0.5.1
|
Description:
A vulnerability was reported in Racoon in the parsing of ISAKMP headers. A remote user can cause the target process to crash. IPSec-Tools is affected.
The software does not properly validate the length field in the user-supplied generic header. A remote user can send a specially crafted header to cause the target ISAKMP service to crash. A remote server can also send a specially crafted header to a connected initiator to cause the initiator's ISAKMP service to crash. Authentication is not required.
ISKMP inform, quick, and base modes are affected.
The flaw resides in 'isakmp_quick.c', 'oakley.c', 'ipsec_doi.c', and 'isakmp.c'.
|
Impact:
A remote user can cause the target Racoon ISAKMP process to crash.
|
Solution:
A fixed version of IPSec-Tools (0.5.1) is available at:
https://sourceforge.net/project/showfiles.php?group_id=74601
|
Vendor URL: ipsec-tools.sourceforge.net/ (Links to External Site)
|
Cause:
Boundary error, Exception handling error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 24 Mar 2005 02:06:26 -0500
Subject: http://sourceforge.net/project/shownotes.php?release_id=314829
|
> 0.5.1 - 23 March 2005
> o Security fix (CAN-2005-0398)
|
|
