Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: IPsec Tools, denials of service

May 2009 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can generate several denials of service in IPsec Tools.

Severity: 2/4

Consequences: denial of service of service

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 3

Creation date: 30/04/2009

IMPACTED PRODUCTS

- Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The IPsec Tools suite implements tools for IPsec. It contains several vulnerabilities.

The isakmp_frag_extract() function of the isakmp_frag.c file does not check if the size indicated in a fragment is longer than the fragment. [grav:2/4; CVE-2009-1574]

An attacker with a valid certificate can generate a memory leak in the eay_check_x509sign() function of crypto_openssl.c. [grav:1/4]

An attacker can generate a memory leak in natt_keepalive_send() and natt_keepalive_remove() functions of nattraversal.c. [grav:2/4]

An attacker can therefore generate several denials of service in IPsec Tools.

CHARACTERISTICS

Identifiers: BID-34765, CVE-2009-1574, VIGILANCE-VUL-8684

http://vigilance.fr/vulnerability/IPsec-Tools-denials-of-service-8684




See previous articles

    

See next articles