Debian: DSA-1804-1: New ipsec-tools packages fix denial of service

    Date20 May 2009
    CategoryDebian
    71
    Posted ByLinuxSecurity Advisories
    Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The The Common Vulnerabilities and Exposures project identified the following problems:
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1804-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                                 Nico Golde
    May 20th, 2009                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : ipsec-tools
    Vulnerability  : null pointer dereference, memory leaks
    Problem type   : remote
    Debian-specific: no
    Debian bug     : 527634 528933
    CVE ID         : CVE-2009-1574 CVE-2009-1632
    
    Several remote vulnerabilities have been discovered in racoon, the Internet Key
    Exchange daemon of ipsec-tools.  The The Common Vulnerabilities and Exposures
    project identified the following problems:
    
    Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets
    that contain no payload.  This results in the daemon crashing which can be used
    for denial of service attacks (CVE-2009-1574).
    
    Various memory leaks in the X.509 certificate authentication handling and the
    NAT-Traversal keepalive implementation can result in memory exhaustion and
    thus denial of service (CVE-2009-1632).
    
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 0.6.6-3.1etch3.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.7.1-1.3+lenny2.
    
    For the testing distribution (squeeze), this problem will be fixed soon.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 1:0.7.1-1.5.
    
    
    We recommend that you upgrade your ipsec-tools packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc
        Size/MD5 checksum:      722 8b561cf84ac9c46ec07b037ce3ad06f1
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz
        Size/MD5 checksum:    49875 7444fb4ad448ccfffe878801a2b88d2e
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb
        Size/MD5 checksum:   343790 9cee9f8c479a3a2952d2913d7bdc4c5d
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb
        Size/MD5 checksum:    89184 5ccd4554eec28da6d933dc20a8a39393
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_arm.deb
        Size/MD5 checksum:   325706 9ce7988b74bccee252be7dac7ac8b5f7
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_arm.deb
        Size/MD5 checksum:    89748 513ded0e4a33200710444e1bf4ab67d8
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_hppa.deb
        Size/MD5 checksum:   353066 c56644b426ae945ca420d4ca37fc3f2a
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_hppa.deb
        Size/MD5 checksum:    94092 80b46b6fd60e857c84c588432b098957
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_i386.deb
        Size/MD5 checksum:   330258 b905d30958bd5c51d355f286f81b8be1
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_i386.deb
        Size/MD5 checksum:    85046 294ccbc4b51e4942edaeec7cd746dfa3
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_ia64.deb
        Size/MD5 checksum:   113356 111f0daa2075584c100efc9c11ecef73
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_ia64.deb
        Size/MD5 checksum:   468296 bd4d69b5e0d4ee39ec564e1304f7649c
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mips.deb
        Size/MD5 checksum:    89018 b6af57d65d43a7433132bee9657ba608
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mips.deb
        Size/MD5 checksum:   344558 aba2d85d5196c2a46555ad9e478d338a
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mipsel.deb
        Size/MD5 checksum:   346856 97e04d97bdd55f852392d7461bad7f4d
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mipsel.deb
        Size/MD5 checksum:    90308 9e780cda3df3384d0f1e33637d003f21
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_powerpc.deb
        Size/MD5 checksum:    91048 98174626d8ad1fba940c81001c337a4f
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_powerpc.deb
        Size/MD5 checksum:   337266 9f636e6d8904103b0096a4eed99e9cae
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_s390.deb
        Size/MD5 checksum:   341586 b42ddbad323dcdbd775d502f786ab449
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_s390.deb
        Size/MD5 checksum:    90750 62d4c3e618a6c69d532b8d8d33bb27b9
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_sparc.deb
        Size/MD5 checksum:    85710 9f1f526be4f2df4eb64d46023d87c6b3
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_sparc.deb
        Size/MD5 checksum:   317136 38e50e9d97b46b51d12429b9ea727858
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz
        Size/MD5 checksum:    49472 4bc8ba2bd520a7514f2c33021c64e8ce
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1.orig.tar.gz
        Size/MD5 checksum:  1039057 ddff5ec5a06b804ca23dc41268368853
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc
        Size/MD5 checksum:     1144 46d3f28156ee183512a451588ef414e4
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_alpha.deb
        Size/MD5 checksum:   428532 052c13540da3fab19fdca83e9a389a39
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_alpha.deb
        Size/MD5 checksum:   114088 78065dd99d3732291e8d499383af17d9
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb
        Size/MD5 checksum:   409514 a421f12270f5b22639d67be8d2cc8b4e
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb
        Size/MD5 checksum:   104612 9ec93c697cf64232728d0dd5658efac8
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_arm.deb
        Size/MD5 checksum:   104604 78fa45a7e0503e4ee87e7508294cb0b0
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_arm.deb
        Size/MD5 checksum:   381692 f1943edf9599189d16a2f936fa971abc
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_armel.deb
        Size/MD5 checksum:   387510 63ebe895d019d2362a0a11a0de0842c6
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_armel.deb
        Size/MD5 checksum:   104268 6c224349c910ffce5bb892f2a06dc243
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_i386.deb
        Size/MD5 checksum:   375004 5a43cbb6106d576ab686e9e4eb78c245
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_i386.deb
        Size/MD5 checksum:    99098 6c81df8c4653265f10ad6abf68091329
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_ia64.deb
        Size/MD5 checksum:   131288 dfa8646655028ae53bddad7f41e9f3a4
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_ia64.deb
        Size/MD5 checksum:   544150 8e274b6b73125efe0fa8392398e0c5ea
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mips.deb
        Size/MD5 checksum:   103502 5bd00dfdef0862a63bb666ed949e26ef
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mips.deb
        Size/MD5 checksum:   388820 46fc10315192943b912126fe68ffeea9
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mipsel.deb
        Size/MD5 checksum:   104216 a271cb33c891084479ed441945672f14
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mipsel.deb
        Size/MD5 checksum:   390562 352f78906e08ddb861053dfed30640bf
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_powerpc.deb
        Size/MD5 checksum:   403162 0210fa37088d78ee9aa53395aa0148e8
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_powerpc.deb
        Size/MD5 checksum:   109438 26f043be5fb248d33b605d1987fa472a
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_s390.deb
        Size/MD5 checksum:   107474 aa6203b0e9e6dacbe39520be6b849eea
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_s390.deb
        Size/MD5 checksum:   399386 e965abdcf32838fff7753e789e703205
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb
        Size/MD5 checksum:   102486 57b2e115a15e08518f00158c1fe36cf2
      http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb
        Size/MD5 checksum:   373916 7e2278ac7b4f0b352814ad2f55b1213a
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"15","type":"x","order":"1","pct":53.57,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"9","type":"x","order":"3","pct":32.14,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.