Bug 491895 (CVE-2009-0790)
Field | Value
---|---
Summary | CVE-2009-0790 openswan: ISAKMP DPD remote DoS
Product | [Other] Security Response
Component | vulnerability
Status | CLOSED ERRATA
Severity | high
Priority | high
Version | unspecified
Hardware | All
OS | Linux
Reporter | Tomas Hoger <thoger>
Assignee | Red Hat Product Security <security-response-team>
CC | avagarwa, kreilly, mjc, sgrubb, vdanen
Keywords | Security
Doc Type | Bug Fix
Last Closed | 2009-12-04 22:38:01 UTC
Bug Depends On | 491907, 491908
Description
Tomas Hoger 2009-03-24 15:09:44 UTC

Created attachment 336484
Upstream patch

The version of openswan as shipped in Red Hat Enterprise Linux 5 differs from current upstream versions in the default value of plutorestartoncrash, which controls automatic restart of the pluto daemon after a crash. It seems that this was intended to default to yes, but mistakenly defaulted to no in certain versions. The upstream changelog mentions a fix for this, introduced in 2.6.15:

    v2.6.15
    [ ... ]
    * Change (back) defaults of plutorestartoncrash and uniqueids from no to yes.
      The new parser mistakenly did not set these [paul]

Defaults can be checked using the following command:

    ipsec addconn --configsetup

To enable automatic pluto restart on crashes, plutorestartoncrash=yes needs to be added to the "config setup" section of ipsec.conf.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5
Via RHSA-2009:0402 https://rhn.redhat.com/errata/RHSA-2009-0402.html

Current Fedora is shipping with 2.6.21 or later, so this does not affect Fedora.
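The check and the fix described in the report, as an added example written for this page (it is not code from the bug report, from Red Hat, or from the openswan project). The script reads the effective default from `ipsec addconn --configsetup` output, reads what an ipsec.conf actually sets in its "config setup" section, and rewrites the file so the section carries plutorestartoncrash=yes. The assumed formats are mine: `addconn --configsetup` is taken to print one key=value pair per line (values possibly double-quoted, possibly prefixed with "export"), and ipsec.conf sections are taken to start in column 0 with indented settings. The sample outputs embedded below are constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example (not from the bug report, Red Hat, or openswan).
# Assumptions: `ipsec addconn --configsetup` prints key=value lines;
# ipsec.conf sections ("config setup", "conn NAME") start in column 0
# and their settings are indented. Both are my assumptions for this example.

# Constructed sample of `ipsec addconn --configsetup` output from a build
# with the wrong default (the page says 2.6.15 changed both keys back to yes).
SAMPLE_CONFIGSETUP='interfaces=%defaultroute
plutorestartoncrash=no
uniqueids=no
nat_traversal="yes"'

# Constructed sample ipsec.conf whose "config setup" does not set the key.
SAMPLE_CONF='version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes

conn example
    left=192.0.2.1
    right=192.0.2.2'

# awk helper shared by the lookups below: split one key=value line into
# kv["k"] / kv["v"], trimming whitespace, double quotes and an "export " prefix.
KV_AWK='
function parse_kv(line, kv,   eq) {
    sub(/^[ \t]+/, "", line); sub(/^export[ \t]+/, "", line)
    eq = index(line, "=")
    if (eq == 0) return 0
    kv["k"] = substr(line, 1, eq - 1); kv["v"] = substr(line, eq + 1)
    gsub(/[ \t]/, "", kv["k"])
    gsub(/^[ \t"]+|[ \t"]+$/, "", kv["v"])
    return 1
}
'

# Effective daemon default for KEY, from `ipsec addconn --configsetup` on stdin.
# Usage: ipsec addconn --configsetup | configsetup_value plutorestartoncrash
configsetup_value() {
    awk -v key="$1" "$KV_AWK"'
        BEGIN { split("", kv) }
        /^[ \t]*#/ { next }
        parse_kv($0, kv) && kv["k"] == key { val = kv["v"] }
        END { print (val == "" ? "unset" : val) }'
}

# Value of KEY inside the "config setup" section of an ipsec.conf on stdin.
# Usage: setup_value plutorestartoncrash < /etc/ipsec.conf
setup_value() {
    awk -v key="$1" "$KV_AWK"'
        BEGIN { split("", kv) }
        /^[^ \t#]/ { in_setup = ($1 == "config" && $2 == "setup"); next }
        in_setup && parse_kv($0, kv) && kv["k"] == key { val = kv["v"] }
        END { print (val == "" ? "unset" : val) }'
}

# Rewrite an ipsec.conf (stdin -> stdout) so "config setup" contains
# plutorestartoncrash=yes: an existing setting is replaced in place, a missing
# one is appended to the section, and a missing section is created at the end.
# Usage: ensure_restart_on_crash < /etc/ipsec.conf > /etc/ipsec.conf.new
ensure_restart_on_crash() {
    awk '
        function flush()       { printf "%s", pending; pending = "" }
        function leave_setup() {
            if (in_setup && !done) { print "\tplutorestartoncrash=yes"; done = 1 }
            flush(); in_setup = 0
        }
        /^[^ \t#]/ {                        # section header, "version", include
            leave_setup()
            if ($1 == "config" && $2 == "setup") in_setup = 1
            print; next
        }
        # Hold blank/comment lines inside the section so the inserted setting
        # lands right after the last real setting, not after trailing blanks.
        in_setup && (/^[ \t]*#/ || /^[ \t]*$/) { pending = pending $0 "\n"; next }
        in_setup && /^[ \t]+plutorestartoncrash[ \t]*=/ {
            flush(); print "\tplutorestartoncrash=yes"; done = 1; next
        }
        in_setup { flush() }
        { print }
        END {
            leave_setup()
            if (!done) { print ""; print "config setup"; print "\tplutorestartoncrash=yes" }
        }'
}
```

On a live system the first two functions answer the two questions the report raises, in order: what the daemon will do by default (`ipsec addconn --configsetup | configsetup_value plutorestartoncrash`), and whether the local ipsec.conf already overrides it (`setup_value plutorestartoncrash < /etc/ipsec.conf`). Only when both say no or unset is the rewrite needed; it is idempotent, so running it again after the setting is present changes nothing.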