Bug 458846 (CVE-2008-3652)

Summary: CVE-2008-3652 ipsec-tools: racoon orphaned ph1s memory leak
Product: [Other] Security Response
Reporter: Josh Bressers <bressers>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: kreilly, skakar, tmraz
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2008-11-07 08:11:56 UTC
Bug Depends On: 458853, 458854, 458855, 458856, 458857, 465472, 465473, 465474    
Attachments: Upstream patch from CVS (flags: none)

Description Josh Bressers 2008-08-12 17:21:47 UTC
A flaw was discovered in the manner in which racoon deals with orphaned ph1s.  The initial report of this states:
    Currently racoon does not remove orphaned ph1s initiated
    by a remote side. This creates a lot of problems, as
    such ph1s may stuck nearly forever.

The thread can be found here:
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel

Comment 1 Josh Bressers 2008-08-12 17:27:04 UTC
Created attachment 314120
Upstream patch from CVS

Comment 3 Tomas Hoger 2008-08-13 07:17:16 UTC
CVE id CVE-2008-3652 was assigned to this issue:

src/racoon/handler.c in racoon in ipsec-tools does not remove an
"orphaned ph1" (phase 1) handle when it has been initiated remotely,
which allows remote attackers to cause a denial of service (resource
consumption).

Comment 6 Fedora Update System 2008-10-18 12:07:17 UTC
ipsec-tools-0.7.1-5.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/ipsec-tools-0.7.1-5.fc8

Comment 7 Fedora Update System 2008-10-18 12:08:26 UTC
ipsec-tools-0.7.1-5.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/ipsec-tools-0.7.1-5.fc9

Comment 8 Fedora Update System 2008-11-07 02:53:06 UTC
ipsec-tools-0.7.1-5.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2008-11-07 02:58:10 UTC
ipsec-tools-0.7.1-5.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.