Debian Bug report logs - #340584
CVE-2005-3732: Minor DoS vulnerabilities unveiled by the PROTOS IKE test suite

version graph

Package: ipsec-tools; Maintainer for ipsec-tools is Matthew Grant <matthewgrant5@gmail.com>; Source for ipsec-tools is src:ipsec-tools.

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 24 Nov 2005 11:18:03 UTC

Severity: important

Tags: security

Fixed in version ipsec-tools/1:0.6.3-1

Done: Ganesan Rajagopal <rganesan@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Ganesan Rajagopal <rganesan@debian.org>:
Bug#340584; Package ipsec-tools. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Ganesan Rajagopal <rganesan@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2005-3732: Minor DoS vulnerabilities unveiled by the PROTOS IKE test suite
Date: Thu, 24 Nov 2005 12:13:35 +0100
Package: ipsec-tools
Severity: important
Tags: security

Like several other IKE implementations racoon is affected by some Denial-of-
Service vulnerabilities unveiled by the PROTOS test suite of some Finnish
researchers (http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp)

The issues found in racoon are rather insignificant and are fixed upstream
in 0.6.3. Please see
http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000 
for a more detailed description.

This has been assigned CVE-2005-3732, please mention it in the changelog when
fixing it.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Reply sent to Ganesan Rajagopal <rganesan@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 340584-close@bugs.debian.org (full text, mbox):

From: Ganesan Rajagopal <rganesan@debian.org>
To: 340584-close@bugs.debian.org
Subject: Bug#340584: fixed in ipsec-tools 1:0.6.3-1
Date: Sun, 27 Nov 2005 23:02:06 -0800
Source: ipsec-tools
Source-Version: 1:0.6.3-1

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.6.3-1.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.3-1.diff.gz
ipsec-tools_0.6.3-1.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.3-1.dsc
ipsec-tools_0.6.3-1_i386.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.3-1_i386.deb
ipsec-tools_0.6.3.orig.tar.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.3.orig.tar.gz
racoon_0.6.3-1_i386.deb
  to pool/main/i/ipsec-tools/racoon_0.6.3-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 340584@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ganesan Rajagopal <rganesan@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 28 Nov 2005 11:58:31 +0530
Source: ipsec-tools
Binary: racoon ipsec-tools
Architecture: source i386
Version: 1:0.6.3-1
Distribution: unstable
Urgency: low
Maintainer: Ganesan Rajagopal <rganesan@debian.org>
Changed-By: Ganesan Rajagopal <rganesan@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 340584
Changes: 
 ipsec-tools (1:0.6.3-1) unstable; urgency=low
 .
   * New upstream release with fix for CVE-2005-3732 (closes: #340584).
Files: 
 c59fe9bdef850414d2832e8168bf0dd9 673 net extra ipsec-tools_0.6.3-1.dsc
 1b37fbccd2f74a20af1e7967a580c521 914052 net extra ipsec-tools_0.6.3.orig.tar.gz
 6f56f7581fe81ec3f54678ca41730a77 41115 net extra ipsec-tools_0.6.3-1.diff.gz
 4db894e02e453e1471c47c757afdaad7 81282 net extra ipsec-tools_0.6.3-1_i386.deb
 e013c76f334913ef10d805e7010b4502 308724 net extra racoon_0.6.3-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDiqg3FeACul2MEuoRAutTAKCqUc2jnwbFho5Ite8NgOx52xyExQCeLtTD
ameKRxyvJ7wEa9BF1z58KjE=
=u2xs
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 20:40:46 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 03:10:18 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.