ipsec-tools: CVE-2009-1574 remote denial of service

Related Vulnerabilities: CVE-2009-1574  

Debian Bug report logs - #527634
ipsec-tools: CVE-2009-1574 remote denial of service


Reported by: Luciano Bello <luciano@debian.org>

Date: Fri, 8 May 2009 16:18:02 UTC

Severity: grave

Tags: security

Found in versions ipsec-tools/1:0.7.1-1.3, ipsec-tools/1:0.6.6-3.1etch4

Fixed in version ipsec-tools/1:0.7.1-1.4

Done: Nico Golde <nion@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>:
Bug#527634; Package ipsec-tools. (Fri, 08 May 2009 16:18:04 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Ganesan Rajagopal <rganesan@debian.org>. (Fri, 08 May 2009 16:18:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: ipsec-tools: CVE-2009-1574 remote denial of service
Date: Fri, 8 May 2009 13:11:17 -0300
Package: ipsec-tools
Version: 1:0.7.1-1.3
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.

CVE-2009-1574[0]:
| racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote
| attackers to cause a denial of service (crash) via crafted fragmented
| packets without a payload, which triggers a NULL pointer dereference.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574
    http://security-tracker.debian.net/tracker/CVE-2009-1574

This looks like the patch:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.4&r2=1.4.6.1&f=h

luciano




Bug marked as found in version 1:0.6.6-3.1etch4. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Wed, 13 May 2009 11:30:09 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>:
Bug#527634; Package ipsec-tools. (Wed, 13 May 2009 11:33:02 GMT)


Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Ganesan Rajagopal <rganesan@debian.org>. (Wed, 13 May 2009 11:33:02 GMT)


Message #12 received at 527634@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 527634@bugs.debian.org
Subject: intent to NMU
Date: Wed, 13 May 2009 13:30:16 +0200
Hi,
I intend to upload a 0-day NMU to fix this. Attached is a 
patch for a debdiff.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[ipsec-tools-0.7.1-1.3_0.7.1-1.4.patch (text/x-diff, attachment)]

Reply sent to Nico Golde <nion@debian.org>:
You have taken responsibility. (Wed, 13 May 2009 11:54:05 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Wed, 13 May 2009 11:54:05 GMT)


Message #17 received at 527634-close@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: 527634-close@bugs.debian.org
Subject: Bug#527634: fixed in ipsec-tools 1:0.7.1-1.4
Date: Wed, 13 May 2009 11:47:04 +0000
Source: ipsec-tools
Source-Version: 1:0.7.1-1.4

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.7.1-1.4.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4.diff.gz
ipsec-tools_0.7.1-1.4.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4.dsc
ipsec-tools_0.7.1-1.4_amd64.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.4_amd64.deb
racoon_0.7.1-1.4_amd64.deb
  to pool/main/i/ipsec-tools/racoon_0.7.1-1.4_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 527634@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 13 May 2009 13:24:22 +0200
Source: ipsec-tools
Binary: ipsec-tools racoon
Architecture: source amd64
Version: 1:0.7.1-1.4
Distribution: unstable
Urgency: high
Maintainer: Ganesan Rajagopal <rganesan@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 527634
Changes: 
 ipsec-tools (1:0.7.1-1.4) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix possible denial of service via a fragment without
     any payload (all item lengths = 0) which triggers a
     null ptr dereference (Closes: #527634).

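The failure mode named in the CVE text and in the 1:0.7.1-1.4 changelog above (a fragment without payload, all item lengths = 0, ending in a NULL pointer dereference), shown as an added C sketch that is not racoon's code and not the Debian patch. The 8-byte header layout, `struct frag_item`, `frag_parse` and `frag_reassemble` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed 8-byte fragment header for this sketch (big-endian):
 * reserved(2) | len(2) = header + payload | id(2) | index(1) | flags(1) */
#define FRAG_HDR_LEN 8u
struct frag_item {            /* hypothetical reassembly-queue entry */
    size_t len;               /* payload bytes, > 0 once accepted */
    uint8_t *data;            /* heap copy of the payload */
};

/* Validate one untrusted fragment: 0 = accepted (*out filled), -1 = dropped. */
int frag_parse(const uint8_t *pkt, size_t pktlen, struct frag_item *out)
{
    if (pkt == NULL || out == NULL || pktlen < FRAG_HDR_LEN)
        return -1;                          /* truncated header */
    size_t len = ((size_t)pkt[2] << 8) | pkt[3];
    if (len > pktlen || len <= FRAG_HDR_LEN)
        return -1;                          /* overrun, or no payload at all */
    out->len = len - FRAG_HDR_LEN;
    if ((out->data = malloc(out->len)) == NULL)
        return -1;
    memcpy(out->data, pkt + FRAG_HDR_LEN, out->len);
    return 0;
}

/* Concatenate items already sorted by index. Returns NULL when every item
 * is empty, so the caller has an explicit failure to check for. */
uint8_t *frag_reassemble(const struct frag_item *items, size_t n, size_t *total)
{
    size_t sum = 0, off = 0;
    for (size_t i = 0; i < n; i++)
        sum += items[i].len;
    uint8_t *buf = sum ? malloc(sum) : NULL;   /* all item lengths = 0 */
    if (buf == NULL || total == NULL) { free(buf); return NULL; }
    for (size_t i = 0; i < n; off += items[i++].len)
        if (items[i].len != 0)
            memcpy(buf + off, items[i].data, items[i].len);
    *total = sum;
    return buf;
}

int main(void)
{
    const uint8_t empty[8] = {0, 0, 0, 8, 0, 1, 1, 1};   /* constructed sample */
    struct frag_item it;
    return frag_parse(empty, sizeof empty, &it) == -1 ? 0 : 1;
}
```

The check is applied twice on purpose: once at parse time so a payload-less fragment never enters the queue, and once at reassembly so a zero-length result is reported as a failure instead of being handed on as a buffer.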





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 08:36:56 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:06:53 2019; Machine Name: beach
