SYNTHESIS OF THE VULNERABILITY

An attacker can generate several denials of service in IPsec Tools.

Severity: 2/4

Consequences: denial of service of service

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 3

Creation date: 30/04/2009

IMPACTED PRODUCTS

– Unix - plateform

DESCRIPTION OF THE VULNERABILITY

The IPsec Tools suite implements tools for IPsec. It contains
several vulnerabilities.

The isakmp_frag_extract() function of the isakmp_frag.c file does
not check if the size indicated in a fragment is longer than the
fragment. [grav:2/4; CVE-2009-1574]

An attacker with a valid certificate can generate a memory leak in
the eay_check_x509sign() function of crypto_openssl.c. [grav:1/4]

An attacker can generate a memory leak in natt_keepalive_send()
and natt_keepalive_remove() functions of nattraversal.c. [grav:2/4]

An attacker can therefore generate several denials of service in
IPsec Tools.

CHARACTERISTICS

Identifiers: BID-34765, CVE-2009-1574, VIGILANCE-VUL-8684

http://vigilance.fr/vulnerability/IPsec-Tools-denials-of-service-8684