Bug 500886 (CVE-2009-1632) - CVE-2009-1632 ipsec-tools: multiple memory leaks fixed in 0.7.2
Summary: CVE-2009-1632 ipsec-tools: multiple memory leaks fixed in 0.7.2
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-1632
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-05-14 17:36 UTC by Tomas Hoger
Modified: 2019-09-29 12:30 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-16 18:05:41 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1036 normal SHIPPED_LIVE Important: ipsec-tools security update 2009-05-18 20:09:51 UTC

Description Tomas Hoger 2009-05-14 17:36:43 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1632 to the following vulnerability:

Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
attackers to cause a denial of service (memory consumption) via
vectors involving (1) signature verification during user
authentication with X.509 certificates, related to the
eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
the NAT-Traversal (aka NAT-T) keepalive implementation, related to
src/racoon/nattraversal.c.

Announcement of new release:
http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611
http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce

RSA authentication patch and upstream bug:
https://trac.ipsec-tools.net/ticket/303
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h

NAT traversal patch:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h

References:
http://thread.gmane.org/gmane.comp.security.oss.general/1716

Comment 1 errata-xmlrpc 2009-05-18 20:09:58 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2009:1036 https://rhn.redhat.com/errata/RHSA-2009-1036.html

Comment 3 Josh Bressers 2011-08-16 18:05:41 UTC
I'm wontfixing this for RHEL4. RHEL5 was updated already.


Note You need to log in before you can comment on or make changes to this bug.