Red Hat Bugzilla – Bug 236380
CVE-2007-1841 DoS vulnerability against IPSec-tools < 0.6.6
Last modified: 2007-11-16 20:14:55 EST
Description of problem:
There appears to be a DoS vulnerability against ipsec-tools < 0.6.6, but I have
not seen a patch released from RedHat. Is the version that comes with RHEL4 not
vulnerable to this attack?
Version-Release number of selected component (if applicable):
Steps to Reproduce:
there is a PoC available on the web using the PROTOS suite.
patched by the vendor:
The Security Response Team has verified that this flaw does not affect the
version of ipsec-tools shipped with Red Hat Enterprise Linux 4. It does affect
Red Hat Enterprise Linux 5, which is being tracked via bug 235388.