Login
Newsletter
Werbung

Sicherheit: Fehlende Längenprüfung in ipsec-tools und iputils
Aktuelle Meldungen Distributionen
Name: Fehlende Längenprüfung in ipsec-tools und iputils
ID: FEDORA-2004-132
Distribution: Fedora
Plattformen: Fedora Core 2
Datum: Do, 20. Mai 2004, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0403
Applikationen: IPsec-Tools

Originalnachricht

---------------------------------------------------------------------
Fedora Security Update Notification
FEDORA-2004-132
2004-05-19
---------------------------------------------------------------------

Product : Fedora Core 2
Name : ipsec-tools
Version : 0.2.5
Release : 2
Summary : Tools for configuring and using IPSEC
Description :
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.5+ kernels. This
package builds:

- libipsec, a PFKeyV2 library
- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon

---------------------------------------------------------------------
Update Information:

An updated ipsec-tools package that fixes vulnerabilities in racoon (the
ISAKMP daemon) is now available.

When ipsec-tools receives an ISAKMP header, it will attempt to allocate
sufficient memory for the entire ISAKMP message according to the header's
length field. If an attacker crafts an ISAKMP header with a extremely large
value in the length field, racoon may exceed operating system resource
limits and be terminated, resulting in a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0403 to this issue.
---------------------------------------------------------------------
* Wed Apr 14 2004 Bill Nottingham <notting@redhat.com> - 0.2.5-2

- add patch for potential remote DoS (CAN-2004-0403)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

3e2e04aca6ff5ad9b87a58f360b5bdfd SRPMS/ipsec-tools-0.2.5-2.src.rpm
b5cf2f91174df9363be3fae649278f33 i386/ipsec-tools-0.2.5-2.i386.rpm
9f0262afaad8669bb6d194874845ba19
i386/debug/ipsec-tools-debuginfo-0.2.5-2.i386.rpm
4783879e9aa712ddd98373aad9429333 x86_64/ipsec-tools-0.2.5-2.x86_64.rpm
7447cbdca523ad5b185d697388386f2e
x86_64/debug/ipsec-tools-debuginfo-0.2.5-2.x86_64.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------


--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung