Package name
ipsec-tools
Date
2009-05-18
Advisory ID
MDVSA-2009:114
Affected versions
CS4.0 x86_64, MNF2.0 i586, CS4.0 i586

Problem description

Multiple memory leaks in ipsec-tools before 0.7.2 allow remote
attackers to cause a denial of service (memory consumption) via vectors
involving (1) signature verification during user authentication with
X.509 certificates, related to the eay_check_x509sign function in
src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T)
keepalive implementation, related to src/racoon/nattraversal.c
(CVE-2009-1632).

The updated packages have been patched to prevent this.

Updated packages

CS4.0 x86_64

 a1ccfd8a891340f52aa2f64d69e46e47  corporate/4.0/x86_64/ipsec-tools-0.6.5-2.4.20060mlcs4.x86_64.rpm
 44ed76407c8633fcea7f4a3ab94f1842  corporate/4.0/x86_64/lib64ipsec0-0.6.5-2.4.20060mlcs4.x86_64.rpm
 d7a3ecf831ecfcbc1319558303a1be17  corporate/4.0/x86_64/lib64ipsec0-devel-0.6.5-2.4.20060mlcs4.x86_64.rpm 
 0e9a4820ef81a4917d9c0a9c5befa27b  corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.4.20060mlcs4.src.rpm

MNF2.0 i586

 f43aaba27d5ff88b38db39ebeaaaf5cd  mnf/2.0/i586/ipsec-tools-0.2.5-0.7.M20mdk.i586.rpm
 fb19d1e75fd8f08ce9dc1586cdf9fa3b  mnf/2.0/i586/libipsec-tools0-0.2.5-0.7.M20mdk.i586.rpm 
 2db168e39d44b361bab9ada981edaa90  mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.7.M20mdk.src.rpm

CS4.0 i586

 4ccc0eafc222a8a5976a0e9eebbc7499  corporate/4.0/i586/ipsec-tools-0.6.5-2.4.20060mlcs4.i586.rpm
 f244df60a927a7aa4a539c2e8d9c699a  corporate/4.0/i586/libipsec0-0.6.5-2.4.20060mlcs4.i586.rpm
 95443caad35eb54d1f291f7368aac511  corporate/4.0/i586/libipsec0-devel-0.6.5-2.4.20060mlcs4.i586.rpm 
 0e9a4820ef81a4917d9c0a9c5befa27b  corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.4.20060mlcs4.src.rpm
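
The following is an added example, not part of the original advisory: a patch-level check that compares an installed ipsec-tools version and release against the fixed builds named in the package list above. The host inventory is constructed sample data, the comparison is a simplified form of RPM's segment ordering (no tilde or caret handling), and equal epochs are assumed.

```python
import re

# Fixed (version, release) per product, read from the package names in this advisory.
FIXED = {
    "CS4.0": ("0.6.5", "2.4.20060mlcs4"),
    "MNF2.0": ("0.2.5", "0.7.M20mdk"),
}

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)  # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(product, version, release):
    """True if the installed build is at or above the advisory's fixed build."""
    fixed_version, fixed_release = FIXED[product]
    c = rpmvercmp(version, fixed_version)
    if c == 0:
        c = rpmvercmp(release, fixed_release)
    return c >= 0

# Constructed sample inventory: (host, product, version, release), e.g. gathered with
#   rpm -q --qf '%{VERSION} %{RELEASE}\n' ipsec-tools
SAMPLE = [
    ("vpn-gw-1", "CS4.0", "0.6.5", "2.3.20060mlcs4"),
    ("vpn-gw-2", "CS4.0", "0.6.5", "2.4.20060mlcs4"),
    ("fw-1", "MNF2.0", "0.2.5", "0.6.M20mdk"),
]

def unpatched_hosts(inventory):
    return [h for h, p, v, r in inventory if not is_patched(p, v, r)]

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE):
        print(f"{host}: ipsec-tools older than the MDVSA-2009:114 update")
```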
