ipsec-tools upstream released 0.7.1, including a fix for a memory leak in the
racoon daemon triggered by invalid proposals, possibly resulting in a denial of
service once the daemon runs out of memory.
The leaks patched in the mentioned patch can happen only when phase 1 is
completed. That means the attacker would have to be authenticated to be able to
make the leaks happen.
Any guess on what "some configurations" could mean from the upstream announcement?
I am not sure about that - it seems to me that in almost any configuration the responder of the IKE negotiation is vulnerable. But as I said in comment #2, this problem is in the Phase 2 exchange, so that means the attacker has to be already authenticated.
Created attachment 314117
Patch from upstream CVS
CVE id CVE-2008-3651 was assigned to this issue:
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools
before 0.7.1 allows remote authenticated users to cause a denial of
service (memory consumption) via invalid proposals.
ipsec-tools-0.7.1-5.fc8 has been submitted as an update for Fedora 8.
ipsec-tools-0.7.1-5.fc9 has been submitted as an update for Fedora 9.
ipsec-tools-0.7.1-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ipsec-tools-0.7.1-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: