236380 – CVE-2007-1841 DoS vulnerability against IPSec-tools < 0.6.6

Bug 236380 - CVE-2007-1841 DoS vulnerability against IPSec-tools < 0.6.6

Summary: CVE-2007-1841 DoS vulnerability against IPSec-tools < 0.6.6

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	ipsec-tools
Sub Component:
Version:	4.4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	James Antill
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-04-13 15:00 UTC by Mike Redan
Modified:	2007-11-17 01:14 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-05-07 17:09:53 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Mike Redan 2007-04-13 15:00:53 UTC

Description of problem:
There appears to be a DoS vulnerability against ipsec-tools < 0.6.6, but I have
not seen a patch released from RedHat. Is the version that comes with RHEL4 not
vulnerable to this attack?

Version-Release number of selected component (if applicable):
< 0.6.6

How reproducible:
always

Steps to Reproduce:
there is a PoC available on the web using the PROTOS suite.
  
Actual results:
DoS

Expected results:
DoS

Additional info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841

patched by the vendor:
http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc

Comment 1 Josh Bressers 2007-05-07 17:09:53 UTC

The Security Response Team has verified that this flaw does not affect the
version of ipsec-tools shipped with Red Hat Enterprise Linux 4.  It does affect
Red Hat Enterprise Linux 5, which is being tracked via bug 235388.

Note You need to log in before you can comment on or make changes to this bug.