+++ This bug was initially created as a clone of Bug #235388 +++

Apple reported a denial of service flaw in the ipsec-tools racoon. It is possible for a remote attacker to invalidate an ipsec tunnel between two machines.

According to upstream:

Anybody who can:
- guess that A and B have established an IPSec tunnel
- guess some basic information about phase1 (or who is ready to do some quick bruteforce....)
- send a packet to A which appears to come from B

Can invalidate that tunnel at any time.

-- Additional comment from bressers on 2007-04-05 11:11 EST --
Created an attachment (id=151768)
Proposed upstream patch

This flaw should also affect FC5
Steve: please do push an update for FC6. Thanks.
Because this is only fixed in upstream ipsec-tools 0.6.7, Fedora 7 (at version 0.6.6) may also be vulnerable.
Raising priority. This needs to be fixed.
This has been pushed as a Fedora testing update, version ipsec-tools-0.6.5-8.fc6. After a few days, I'll push to the Fedora update.
Steve: Could you please proceed pushing, unless you have a strong reason not to?
A new package was pushed to release team last week.