Debian Bug report logs - #527634
ipsec-tools: CVE-2009-1574 remote denial of service

version graph

Package: ipsec-tools; Maintainer for ipsec-tools is Matthew Grant <matthewgrant5@gmail.com>; Source for ipsec-tools is src:ipsec-tools.

Reported by: Luciano Bello <luciano@debian.org>

Date: Fri, 8 May 2009 16:18:02 UTC

Severity: grave

Tags: security

Found in versions ipsec-tools/1:0.7.1-1.3, ipsec-tools/1:0.6.6-3.1etch1

Fixed in version ipsec-tools/1:0.7.1-1.4

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>:
Bug#527634; Package ipsec-tools. (Fri, 08 May 2009 16:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Ganesan Rajagopal <rganesan@debian.org>. (Fri, 08 May 2009 16:18:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: ipsec-tools: CVE-2009-1574 remote denial of service
Date: Fri, 8 May 2009 13:11:17 -0300
Package: ipsec-tools
Version: 1:0.7.1-1.3
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.

CVE-2009-1574[0]:
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
| attackers to cause a denial of service (crash) via crafted fragmented
| packets without a payload, which triggers a NULL pointer dereference.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
    http://security-tracker.debian.net/tracker/CVE-2009-1574

This looks like the patch:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.4&r2=1.4.6.1&f=h

luciano




Bug marked as found in version 1:0.6.6-3.1etch1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 13 May 2009 11:30:09 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>:
Bug#527634; Package ipsec-tools. (Wed, 13 May 2009 11:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Ganesan Rajagopal <rganesan@debian.org>. (Wed, 13 May 2009 11:33:02 GMT) Full text and rfc822 format available.

Message #12 received at 527634@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 527634@bugs.debian.org
Subject: intent to NMU
Date: Wed, 13 May 2009 13:30:16 +0200
[Message part 1 (text/plain, inline)]
Hi,
I intent to upload a 0-day NMU to fix this. Attached is a 
patch for a debdiff.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[ipsec-tools-0.7.1-1.3_0.7.1-1.4.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Wed, 13 May 2009 11:54:05 GMT) Full text and rfc822 format available.

Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Wed, 13 May 2009 11:54:05 GMT) Full text and rfc822 format available.

Message #17 received at 527634-close@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: 527634-close@bugs.debian.org
Subject: Bug#527634: fixed in ipsec-tools 1:0.7.1-1.4
Date: Wed, 13 May 2009 11:47:04 +0000
Source: ipsec-tools
Source-Version: 1:0.7.1-1.4

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.7.1-1.4.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4.diff.gz
ipsec-tools_0.7.1-1.4.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4.dsc
ipsec-tools_0.7.1-1.4_amd64.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4_amd64.deb
racoon_0.7.1-1.4_amd64.deb
  to pool/main/i/ipsec-tools/racoon_0.7.1-1.4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 527634@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 13 May 2009 13:24:22 +0200
Source: ipsec-tools
Binary: ipsec-tools racoon
Architecture: source amd64
Version: 1:0.7.1-1.4
Distribution: unstable
Urgency: high
Maintainer: Ganesan Rajagopal <rganesan@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 527634
Changes: 
 ipsec-tools (1:0.7.1-1.4) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix possible denial of service via a fragment without
     any payload (all item lengths = 0) which triggers a
     null ptr dereference (Closes: #527634).
Checksums-Sha1: 
 6d008b7ba9776494733a827e92b93f2b1f1a868b 1116 ipsec-tools_0.7.1-1.4.dsc
 855313394ed25f31b01e8f3580ca875f219c992e 49085 ipsec-tools_0.7.1-1.4.diff.gz
 2d31d3075991019d7da81d0f6b49a783912b7796 104398 ipsec-tools_0.7.1-1.4_amd64.deb
 60b80d92315d78edb2af6a61e1a3fbec189c7ce0 408204 racoon_0.7.1-1.4_amd64.deb
Checksums-Sha256: 
 50be31cc281158f51f7045af47096514efbdd067c74255964e7039df9f4ab400 1116 ipsec-tools_0.7.1-1.4.dsc
 4ec7a297089e8906ea8ef3a127a750843bb8c8728bbba03bca687c285b794b7b 49085 ipsec-tools_0.7.1-1.4.diff.gz
 7b693fa4bedfeb92c8bca036abcac535c232ea0485cc438f36375409d9b51303 104398 ipsec-tools_0.7.1-1.4_amd64.deb
 80f60f3fae09384343defb873913d7ea15b93640df07a91e1e71ed0343a1959f 408204 racoon_0.7.1-1.4_amd64.deb
Files: 
 b918815f19054feaee63c496e79277f0 1116 net extra ipsec-tools_0.7.1-1.4.dsc
 0c25fac5bd576081757e509e43312ccb 49085 net extra ipsec-tools_0.7.1-1.4.diff.gz
 74303b963aa3d842f6bed799d4b86674 104398 net extra ipsec-tools_0.7.1-1.4_amd64.deb
 df4249a579374dfe78269d5be4bb560c 408204 net extra racoon_0.7.1-1.4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoKr60ACgkQHYflSXNkfP+VywCaA5GBCKXRmpgksgvmDuFoEh7R
D+wAmwY/5MgfrMYFEZZpVGprpX70MW4X
=bQnc
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 08:36:56 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 06:50:44 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.