Red Hat Bugzilla – Bug 458846
CVE-2008-3652 ipsec-tools: racoon orphaned ph1s memory leak
Last modified: 2016-03-04 07:04:32 EST
A flaw was discovered in the manner which racoon deals with ohphaned ph1s. The initial report of this states:
Currently racoon does not remove orphaned ph1s initiated
by a remote side. This creates a lot of problems, as
such ph1s may stuck nearly forever.
The thread can be found here:
Created attachment 314120 [details]
Upstream patch from CVS
CVE id CVE-2008-3652 was assigned to this issue:
src/racoon/handler.c in racoon in ipsec-tools does not remove an
"orphaned ph1" (phase 1) handle when it has been initiated remotely,
which allows remote attackers to cause a denial of service (resource
ipsec-tools-0.7.1-5.fc8 has been submitted as an update for Fedora 8.
ipsec-tools-0.7.1-5.fc9 has been submitted as an update for Fedora 9.
ipsec-tools-0.7.1-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
ipsec-tools-0.7.1-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux: