Bug 500886 (CVE-2009-1632)

Summary: CVE-2009-1632 ipsec-tools: multiple memory leaks fixed in 0.7.2
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bressers, tmraz
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1632
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-16 18:05:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2009-05-14 17:36:43 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1632 to the following vulnerability:

Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
attackers to cause a denial of service (memory consumption) via
vectors involving (1) signature verification during user
authentication with X.509 certificates, related to the
eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
the NAT-Traversal (aka NAT-T) keepalive implementation, related to
src/racoon/nattraversal.c.

Announcement of new release:
http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611
http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce

RSA authentication patch and upstream bug:
https://trac.ipsec-tools.net/ticket/303
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h

NAT traversal patch:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h

References:
http://thread.gmane.org/gmane.comp.security.oss.general/1716

Comment 1 errata-xmlrpc 2009-05-18 20:09:58 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1036 https://rhn.redhat.com/errata/RHSA-2009-1036.html

Comment 3 Josh Bressers 2011-08-16 18:05:41 UTC
I'm wontfixing this for RHEL4. RHEL5 was updated already.