[Secure-testing-team] Bug#528933: CVE-2009-1632: Multiple memory leaks in Ipsec-tools before 0.7.2
Giuseppe Iuculano
giuseppe at iuculano.it
Sat May 16 13:35:08 UTC 2009
Package: ipsec-tools
Version: 1:0.7.1-1.4
Severity: important
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.
CVE-2009-1632[0]:
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
| attackers to cause a denial of service (memory consumption) via
| vectors involving (1) signature verification during user
| authentication with X.509 certificates, related to the
| eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
| the NAT-Traversal (aka NAT-T) keepalive implementation, related to
| src/racoon/nattraversal.c.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For the moment I have set the severity only to important, because 1:0.7.1-1.4 needs to
migrate to testing, and I don't know if an RC bug could interfere.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
http://security-tracker.debian.net/tracker/CVE-2009-1632
http://marc.info/?l=oss-security&m=124101704828036&w=2
Patches:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h