[Secure-testing-team] Bug#495214: CVE-2008-3651: memory leak
Steffen Joeris
steffen.joeris at skolelinux.de
Fri Aug 15 12:56:26 UTC 2008
Package: ipsec-tools
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.
CVE-2008-3651[0]:
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools
| before 0.7.1 allows remote authenticated users to cause a denial of
| service (memory consumption) via invalid proposals.
There is an upstream discussion going on here[1].
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651
http://security-tracker.debian.net/tracker/CVE-2008-3651
[1] http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
More information about the Secure-testing-team
mailing list