ipsec-tools upstream released 0.7.1, including a fix for a memory leak in the racoon daemon triggered by invalid proposals, possibly resulting in a denial of service once the daemon runs out of memory.
References:
http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2
http://bugs.gentoo.org/show_bug.cgi?id=232831
Upstream patch:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/proposal.c.diff?r1=1.15&r2=1.16&f=h
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/ChangeLog.diff?r1=1.169&r2=1.170&f=h
The leaks patched in the mentioned patch can happen only when phase 1 is completed. That means the attacker would have to be authenticated to be able to make the leaks happen.
Any guess on what "some configurations" could mean from the upstream announcement?
I am not sure about that - it seems to me that in almost any configuration the responder of the IKE negotiation is vulnerable. But as I said in comment #2, this problem is in the Phase 2 exchange, so that means the attacker has to be already authenticated.
Created attachment 314117: Patch from upstream CVS
CVE id CVE-2008-3651 was assigned to this issue: Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
ipsec-tools-0.7.1-5.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/ipsec-tools-0.7.1-5.fc8
ipsec-tools-0.7.1-5.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/ipsec-tools-0.7.1-5.fc9
ipsec-tools-0.7.1-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ipsec-tools-0.7.1-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0849.html
Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-9016
Fedora: https://admin.fedoraproject.org/updates/F9/FEDORA-2008-9007