IPSec Tools: Denial of Service

Security Team

Updated May 24, 2009

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200905-03 / ipsec-tools
Release Date: May 24, 2009
Latest Revision: May 24, 2009: 01
Impact: normal
Exploitable: remote

Package                   Vulnerable versions  Unaffected versions  Architecture(s)
net-firewall/ipsec-tools  < 0.7.2              >= 0.7.2             All supported architectures

Related bugreports: #267135

Synopsis

Multiple errors in the IPSec Tools racoon daemon might allow remote attackers to cause a Denial of Service.

2.  Impact Information

Background

The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections.

Description

The following vulnerabilities have been found in the racoon daemon as shipped with IPSec Tools:

Impact

A remote attacker could send specially crafted fragmented ISAKMP packets without a payload, or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All IPSec Tools users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.2"
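
To confirm whether a host is still in the vulnerable range before or after the upgrade, the following added example (not part of the advisory) compares installed net-firewall/ipsec-tools versions against the fixed version 0.7.2. The function names are hypothetical, and the script assumes Portage's default installed-package database at /var/db/pkg.

```shell
#!/bin/sh
# Added example (not part of the advisory): flag installed ipsec-tools
# versions that fall in the vulnerable range "< 0.7.2" listed above.
FIXED="0.7.2"

# Succeeds if version $1 is older than $FIXED.
# Handles dotted numeric versions with an optional Gentoo "-rN" revision
# or "_rc"-style pre-release suffix; other suffixes are ignored.
is_vulnerable() {
    a=$(printf '%s\n' "$1" | sed -e 's/-r[0-9]*$//' -e 's/[^0-9.].*$//')
    b=$FIXED
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    # Same numeric parts as the fix: only a pre-release is still older.
    case $1 in *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;; esac
    return 1
}

# Print one "<version> vulnerable|unaffected" line per installed version.
# $1 optionally overrides the package database root (assumed default:
# /var/db/pkg), which makes the function testable on non-Gentoo hosts.
scan_installed() {
    for d in "${1:-/var/db/pkg}"/net-firewall/ipsec-tools-[0-9]*; do
        [ -d "$d" ] || continue          # glob matched nothing
        v=${d##*/ipsec-tools-}
        if is_vulnerable "$v"; then
            echo "$v vulnerable"
        else
            echo "$v unaffected"
        fi
    done
}

scan_installed
```

No output means the package is not installed. Because the advisory lists no workaround, a "vulnerable" line means the host stays exposed until the upgrade above is applied.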
