Bug 174165 - CVE-2005-3671 Openswan Denial of Service
CVE-2005-3671 Openswan Denial of Service
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openswan (Show other bugs)
5
All Linux
medium Severity high
: ---
: ---
Assigned To: Harald Hoyer
impact=important,public=20051114,repo...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-25 07:38 EST by Mark J. Cox (Product Security)
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-11-25 11:49:37 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2005-11-25 07:38:25 EST
For FC5test1

+++ This bug was initially created as a clone of Bug #173165 +++

Openswan Denial of Service

NISCC has reported two Denial of Service issues in Openswan.  The
first involves a specially crafted 3DES packet with an invalid key
length.  The second is not entirely understood at this time.

The Openswan project has relased version 2.4.2 to fix the 3DES issue.

http://www.frsirt.com/english/advisories/2005/2407
http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html


This issue also affects FC3

-- Additional comment from paul@xtdnet.nl on 2005-11-21 11:09 EST --
Please do not use 2.4.2 but go to 2.4.4 directly, as this fixes the second
crasher found by the IPsec proto test suite. It is a DOS as well, but it
requires using PSK + aggressive mode and knowing the PSK (which is vulnerable to
a MITM anyway)

I will be folding back your spec changes again sometime this week.

See  http://lists.openswan.org/pipermail/announce/2005-November/000009.html

We did not incorporate your aggressive mode fixes, however various changes to
aggressive mode code were made. Please check if that solved your Cisco 3000
issues. If you still need to apply your patches, please let us know so we can
properly fix those. thanks.

-- Additional comment from updates@fedora.redhat.com on 2005-11-21 12:33 EST --
From User-Agent: XML-RPC

openswan-2.4.4-1.0.FC4.1 has been pushed for FC4, which should resolve this
issue.  If these problems are still present in this version, then please make
note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.