Description of problem:
There appears to be a DoS vulnerability against ipsec-tools < 0.6.6, but I have not seen a patch released from Red Hat. Is the version that comes with RHEL4 not vulnerable to this attack?

Version-Release number of selected component (if applicable):
< 0.6.6

How reproducible:
always

Steps to Reproduce:
There is a PoC available on the web using the PROTOS suite.

Actual results:
DoS

Expected results:
DoS

Additional info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841
Patched by the vendor: http://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inc

The Security Response Team has verified that this flaw does not affect the version of ipsec-tools shipped with Red Hat Enterprise Linux 4. It does affect Red Hat Enterprise Linux 5, which is being tracked via bug 235388.