Vigil@nce: IPsec Tools, denials of service
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can generate several denials of service in IPsec Tools.
Consequences: denial of service of service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Number of vulnerabilities in this bulletin: 3
Creation date: 30/04/2009
Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The IPsec Tools suite implements tools for IPsec. It contains several vulnerabilities.
The isakmp_frag_extract() function of the isakmp_frag.c file does not check if the size indicated in a fragment is longer than the fragment. [grav:2/4; CVE-2009-1574]
An attacker with a valid certificate can generate a memory leak in the eay_check_x509sign() function of crypto_openssl.c. [grav:1/4]
An attacker can generate a memory leak in natt_keepalive_send() and natt_keepalive_remove() functions of nattraversal.c. [grav:2/4]
An attacker can therefore generate several denials of service in IPsec Tools.
Identifiers: BID-34765, CVE-2009-1574, VIGILANCE-VUL-8684