ID CVE-2009-1574
Summary racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
References
Vulnerable Configurations
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.2
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.2.1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.2.2
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.2.3
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.2.4
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.3
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.2
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3.1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.4:rc1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.5
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.4
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.2
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.3
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.4
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.5
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.6
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.7
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.7.1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:rc2
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:rc3
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:rc1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:rc5
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.3:rc4
CVSS
Base: 5.0 (as of 07-05-2009 - 09:32)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
exploit-db via4
description ipsec-tools racoon frag-isakmp Denial of Service PoC. CVE-2009-1574. DoS exploits for multiple platforms
id EDB-ID:8669
last seen 2016-02-01
modified 2009-05-13
published 2009-05-13
reporter mu-b
source https://www.exploit-db.com/download/8669/
title ipsec-tools racoon frag-isakmp Denial of Service PoC
nessus via4
  • NASL family Misc.
    NASL id AIRPORT_FIRMWARE_7_5_2.NASL
    description According to the firmware version collected via SNMP, the remote Apple Time Capsule / AirPort Base Station / AirPort Extreme Base Station is affected by multiple remote vulnerabilities. - An integer overflow exists in the 'netsnmp_create_subtree_cache' function that can be exploited using a specially crafted SNMPv3 packet to crash the SNMP server. (CVE-2008-4309) - A remote attacker may be able to crash the racoon daemon by sending specially crafted fragmented ISAKMP packets, thereby triggering a NULL pointer dereference. (CVE-2009-1574) - By sending a large number of Router Advertisement (RA) and Neighbor Discovery (ND) packets, an attacker on the local network can exhaust the base station's resources, causing it to restart unexpectedly. (CVE-2009-2189) - An attacker with write access to an FTP server inside the NAT may be able to use a malicious PORT command to bypass IP-based restrictions for the service. (CVE-2010-0039) - If the device has been configured to act as a bridge or configured in Network Address Translation (NAT) mode with a default host enabled (not the default), an attacker may be able to cause the device to stop responding using a specially crafted DHCP reply. (CVE-2010-1804)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 51342
    published 2010-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51342
    title Apple Time Capsule and AirPort Base Station Firmware < 7.5.2 (APPLE-SA-2010-12-16-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4291.NASL
    description Minor version update from upstream fixing remote DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38809
    published 2009-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38809
    title Fedora 9 : ipsec-tools-0.7.2-1.fc9 (2009-4291)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4298.NASL
    description Minor version update from upstream fixing remote DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 38810
    published 2009-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38810
    title Fedora 10 : ipsec-tools-0.7.2-1.fc10 (2009-4298)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-4394.NASL
    description Minor version update from upstream fixing remote DoS. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 38811
    published 2009-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38811
    title Fedora 11 : ipsec-tools-0.7.2-1.fc11 (2009-4394)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_6_2.NASL
    description The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42434
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42434
    title Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-006.NASL
    description The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 42433
    published 2009-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42433
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1036.NASL
    description An updated ipsec-tools package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users of ipsec-tools should upgrade to this updated package, which contains backported patches to correct these issues. Users must restart the racoon daemon for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43749
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43749
    title CentOS 5 : ipsec-tools (CESA-2009:1036)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-112.NASL
    description racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference (CVE-2009-1574). Updated packages are available that brings ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous bugfixes over the previous 0.7.1 version, and also corrects this issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been patched to address this issue. Additionally the flex package required for building ipsec-tools has been fixed due to ipsec-tools build problems and is also available with this update. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 38767
    published 2009-05-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38767
    title Mandriva Linux Security Advisory : ipsec-tools (MDVSA-2009:112-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IPSEC-TOOLS-6302.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 39514
    published 2009-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39514
    title openSUSE 10 Security Update : ipsec-tools (ipsec-tools-6302)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_IPSEC-TOOLS-090613.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 41403
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41403
    title SuSE 11 Security Update : ipsec-tools (SAT Patch Number 998)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-785-1.NASL
    description It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. (CVE-2009-1574) It was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service. (CVE-2009-1632). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 39353
    published 2009-06-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39353
    title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ipsec-tools vulnerabilities (USN-785-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2009-0010.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : CVE-2009-1574 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. CVE-2009-1632 Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. CVE-2008-3651 Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. CVE-2008-3652 src/racoon/handler.c in racoon in ipsec-tools does not remove an 'orphaned ph1' (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). - fix nul dereference in frag code and some memory leaks (#497990) - also do not destroy ports in ph2 (#231604) - improved fix for cleanup of IPSEC SAs in SADB (#231604) - fix cleanup of IPSEC SAs in SADB (#231604) - fix segfault in timer (#378551) - handle new interfaces immediately (#247301) - eliminate debug logging overhead when log level is lower (#248567) - use the adminsock_path as specified on the command line (#247294) - link only necessary libraries (#458631) - make racoon PIE executable (#210023) - fix for DoS through various memory leaks (CVE-2008-3651 #456660, CVE-2008-3652 #458846) - use the current kernel headers instead of the private copy (#446979) - Resolves: rhbz#435803 - update pfkeyv2.h with new #defines
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79457
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79457
    title OracleVM 2.1 : ipsec-tools (OVMSA-2009-0010)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090518_IPSEC_TOOLS_ON_SL5_X.NASL
    description A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users must restart the racoon daemon for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60585
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60585
    title Scientific Linux Security Update : ipsec-tools on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_NOVELL-IPSEC-TOOLS-6306.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 51759
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51759
    title SuSE 10 Security Update : Novell ipsec tools (ZYPP Patch Number 6306)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_IPSEC-TOOLS-090613.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 40233
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40233
    title openSUSE Security Update : ipsec-tools (ipsec-tools-996)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_NOVELL-IPSEC-TOOLS-6307.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 42025
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42025
    title openSUSE 10 Security Update : novell-ipsec-tools (novell-ipsec-tools-6307)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_IPSEC-TOOLS-090613.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 39993
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39993
    title openSUSE Security Update : ipsec-tools (ipsec-tools-996)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1036.NASL
    description From Red Hat Security Advisory 2009:1036 : An updated ipsec-tools package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users of ipsec-tools should upgrade to this updated package, which contains backported patches to correct these issues. Users must restart the racoon daemon for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67859
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67859
    title Oracle Linux 5 : ipsec-tools (ELSA-2009-1036)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_NOVELL-IPSEC-TOOLS-090616.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 40081
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40081
    title openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1036.NASL
    description An updated ipsec-tools package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. An unauthenticated, remote attacker could trigger a NULL pointer dereference that could cause the racoon daemon to crash. (CVE-2009-1574) Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If a remote attacker is able to make multiple connection attempts to the racoon daemon, it was possible to cause the racoon daemon to consume all available memory. (CVE-2009-1632) Users of ipsec-tools should upgrade to this updated package, which contains backported patches to correct these issues. Users must restart the racoon daemon for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 38819
    published 2009-05-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38819
    title RHEL 5 : ipsec-tools (RHSA-2009:1036)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1804.NASL
    description Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1574 Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets that contain no payload. This results in the daemon crashing which can be used for denial of service attacks. - CVE-2009-1632 Various memory leaks in the X.509 certificate authentication handling and the NAT-Traversal keepalive implementation can result in memory exhaustion and thus denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38861
    published 2009-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38861
    title Debian DSA-1804-1 : ipsec-tools - NULL pointer dereference, memory leaks
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200905-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-200905-03 (IPSec Tools: Denial of Service) The following vulnerabilities have been found in the racoon daemon as shipped with IPSec Tools: Neil Kettle reported that racoon/isakmp_frag.c is prone to a NULL pointer dereference (CVE-2009-1574). Multiple memory leaks exist in (1) the eay_check_x509sign() function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c (CVE-2009-1632). Impact : A remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 38884
    published 2009-05-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38884
    title GLSA-200905-03 : IPSec Tools: Denial of Service
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_NOVELL-IPSEC-TOOLS-090616.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 41440
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41440
    title SuSE 11 Security Update : Novell ipsec tools (SAT Patch Number 1006)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_NOVELL-IPSEC-TOOLS-090616.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 40283
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40283
    title openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IPSEC-TOOLS-6301.NASL
    description This update of ipsec-tools fixes a crash of racoon in ISAKMP's de-fragmentation code due to a NULL pointer dereference. (CVE-2009-1574) Additionally multiple memory leaks were fixed that allowed to execute a remote denial of service attack. (CVE-2009-1632)
    last seen 2019-02-21
    modified 2014-08-20
    plugin id 41523
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41523
    title SuSE 10 Security Update : ipsec-tools (ZYPP Patch Number 6301)
oval via4
accepted 2013-04-29T04:20:47.430-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
family unix
id oval:org.mitre.oval:def:9624
status accepted
submitted 2010-07-09T03:56:16-04:00
title racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
version 18
redhat via4
advisories
rhsa
id RHSA-2009:1036
rpms ipsec-tools-0:0.6.5-13.el5_3.1
refmap via4
apple
  • APPLE-SA-2009-11-09-1
  • APPLE-SA-2010-12-16-1
bid 34765
confirm
debian DSA-1804
fedora
  • FEDORA-2009-4291
  • FEDORA-2009-4298
  • FEDORA-2009-4394
gentoo GLSA-200905-03
mandriva MDVSA-2009:112
mlist
  • [oss-security] 20090429 ipsec-tools 0.7.2
  • [oss-security] 20090504 Re: ipsec-tools 0.7.2
secunia
  • 35113
  • 35153
  • 35159
  • 35212
  • 35404
  • 35685
suse SUSE-SR:2009:012
ubuntu USN-785-1
vupen ADV-2009-3184
xf ipsectools-isakmpfrag-dos(50412)
Last major update 07-12-2016 - 22:01
Published 06-05-2009 - 13:30
Last modified 28-09-2017 - 21:34