Bug 236380

Summary: CVE-2007-1841 DoS vulnerability against IPSec-tools < 0.6.6
Product: Red Hat Enterprise Linux 4
Reporter: Mike Redan <mike.redan>
Component: ipsec-tools
Assignee: James Antill <james.antill>
Status: CLOSED NOTABUG
Severity: high
Priority: medium
Version: 4.4
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-05-07 17:09:53 UTC

Description Mike Redan 2007-04-13 15:00:53 UTC
Description of problem:
There appears to be a DoS vulnerability against ipsec-tools < 0.6.6, but I have
not seen a patch released from Red Hat. Is the version that comes with RHEL4 not
vulnerable to this attack?

Version-Release number of selected component (if applicable):
< 0.6.6

How reproducible:
always

Steps to Reproduce:
There is a PoC available on the web using the PROTOS suite.
  
Actual results:
DoS

Expected results:
DoS

Additional info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841

Patched by the vendor:
http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc

Comment 1 Josh Bressers 2007-05-07 17:09:53 UTC
The Security Response Team has verified that this flaw does not affect the
version of ipsec-tools shipped with Red Hat Enterprise Linux 4.  It does affect
Red Hat Enterprise Linux 5, which is being tracked via bug 235388.