Red Hat Bugzilla – Bug 238052
CVE-2007-1841 ipsec-tools racoon DoS
Last modified: 2007-11-30 17:12:03 EST
+++ This bug was initially created as a clone of Bug #235388 +++
Apple reported a denial of service flaw in the ipsec-tools racoon. It is
possible for a remote attacker to invalidate an ipsec tunnel between two
machines. According to upstream:
Anybody who can:
- guess that A and B have established an IPSec tunnel
- guess some basic informations about phase1 (or who is ready to do
some quick bruteforce....)
- send packed to A which appears to come from B
Can invalidate that tunnel at any time.
-- Additional comment from firstname.lastname@example.org on 2007-04-05 11:11 EST --
Created an attachment (id=151768)
Proposed upstream patch
This flaw should also affect FC5
Steve: please do push an update for FC6. Thanks.
Because this only fixed in upstream ipsec-tools 0.6.7, Fedora 7 (at version
0.6.6) may also be vulnerable.
Raising priority. This needs to be fixed.
This has been pushed as a fedora testing update, version ipsec-tools-0.6.5-8.fc6
After a few days, I'll push to the fedora update.
Steve: Could you please proceed pushing, unless you have a strong reason not to?
A new package was pushed to release team last week.