ipsec-tools: CVE-2008-3652 denial of service for authenticated attackers

Debian Bug report logs - #501026
ipsec-tools: CVE-2008-3652 denial of service for authenticated attackers

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: submit@bugs.debian.org

Subject: ipsec-tools: CVE-2008-3652 denial of service for authenticated attackers

Date: Fri, 3 Oct 2008 14:51:24 +0200

[Message part 1 (text/plain, inline)]

Package: ipsec-tools
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.

CVE-2008-3652[0]:
| src/racoon/handler.c in racoon in ipsec-tools does not remove an
| "orphaned ph4" (phase 1) handle when it has been initiated remotely,
| which allows remote attackers to cause a denial of service (resource
| consumption).

A patch of the relevant changes extracted from upstream rcs 
is attached.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652
    http://security-tracker.debian.net/tracker/CVE-2008-3652

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[ipsec-tools.patch (text/x-diff, attachment)]

[Message part 3 (application/pgp-signature, inline)]

Message #10 received at 501026@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 501026@bugs.debian.org

Subject: intent to NMU

Date: Tue, 7 Oct 2008 14:28:43 +0200

[Message part 1 (text/plain, inline)]

Hi,
I intent to upload an NMU for this.

debdiff attached and archived on:
http://people.debian.org/~nion/nmu-diff/ipsec-tools-0.7.1-1.1_0.7.1-1.2.patch

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[ipsec-tools-0.7.1-1.1_0.7.1-1.2.patch (text/x-diff, attachment)]

[Message part 3 (application/pgp-signature, inline)]

Message #15 received at 501026-close@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 501026-close@bugs.debian.org

Subject: Bug#501026: fixed in ipsec-tools 1:0.7.1-1.2

Date: Tue, 07 Oct 2008 12:47:03 +0000

Source: ipsec-tools
Source-Version: 1:0.7.1-1.2

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.7.1-1.2.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.2.diff.gz
ipsec-tools_0.7.1-1.2.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.2.dsc
ipsec-tools_0.7.1-1.2_amd64.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.7.1-1.2_amd64.deb
racoon_0.7.1-1.2_amd64.deb
  to pool/main/i/ipsec-tools/racoon_0.7.1-1.2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 501026@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 07 Oct 2008 14:22:25 +0200
Source: ipsec-tools
Binary: ipsec-tools racoon
Architecture: source amd64
Version: 1:0.7.1-1.2
Distribution: unstable
Urgency: high
Maintainer: Ganesan Rajagopal <rganesan@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 501026
Changes: 
 ipsec-tools (1:0.7.1-1.2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Apply upstream patch to remove orphaned phase 1 handles that were
     initiated remotely if an invalid first exchange was received
     which may lead to a denial of service attack
     (CVE-2008-3652; Closes: #501026).
Checksums-Sha1: 
 c186dcc08816adac5ddfa287f17e569e75376994 1116 ipsec-tools_0.7.1-1.2.dsc
 24fd05d0588abf864e892eaf68b70bdee9d0d6aa 48771 ipsec-tools_0.7.1-1.2.diff.gz
 865338f7cb9cff0ea6adf048dadc41b711157aea 104458 ipsec-tools_0.7.1-1.2_amd64.deb
 8f88f79cab6620b5ff02bf21292adbbd44663f4d 409178 racoon_0.7.1-1.2_amd64.deb
Checksums-Sha256: 
 ade33043a0b8c8c943177fe156f14aefb50521bf5350d55ac60a159fe9568d42 1116 ipsec-tools_0.7.1-1.2.dsc
 480b6f41731ca567c9f0e3f4204356180d1a65bf801f1943b2875370225a680a 48771 ipsec-tools_0.7.1-1.2.diff.gz
 0a61707030dbe4d5cc5d7c16fa7d0a41206f090708a6be751a2f1f7c4646b47a 104458 ipsec-tools_0.7.1-1.2_amd64.deb
 2a9681291ba5706aa31a1c84e6ef41f3be2f0b3eaf1f73ea8af2c55c46f4f17c 409178 racoon_0.7.1-1.2_amd64.deb
Files: 
 b752079a73117402d3e95d72b82a7a70 1116 net extra ipsec-tools_0.7.1-1.2.dsc
 e5a49aa08e2ec39bce65937b4eb4bc86 48771 net extra ipsec-tools_0.7.1-1.2.diff.gz
 9596677a88e83372c422483a7ebc8e47 104458 net extra ipsec-tools_0.7.1-1.2_amd64.deb
 07107ca2265a3540aee38a11a7029d6d 409178 net extra racoon_0.7.1-1.2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjrVggACgkQHYflSXNkfP/CVQCgiBg5hvBiJnyjUrRz104CJWPQ
oCwAoJ3SqeHYxShaMOGXxmg3lJyeN/Xr
=4Ed/
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.