Debian Bug report logs -
#423252
fix CVE-2007-1841
Reported by: Brian Haley <brian.haley@hp.com>
Date: Thu, 10 May 2007 20:54:05 UTC
Severity: important
Found in version ipsec-tools/1:0.6.6-3.1
Fixed in version ipsec-tools/1:0.6.6-3.2
Done: dann frazier <dannf@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>
:
Bug#423252
; Package racoon
.
(full text, mbox, link).
Acknowledgement sent to Brian Haley <brian.haley@hp.com>
:
New Bug report received and forwarded. Copy sent to Ganesan Rajagopal <rganesan@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: racoon
Version: 1:0.6.6-3.1
There was a CVE entered recently about racoon/ipsec-tools:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841
Debian is vulnerable. There is a new ipsec-tools source package on
sourceforge (0.6.7) that fixes the vulnerability.
Bug 423252 cloned as bug 429711.
Request was from dann frazier <dannf@debian.org>
to control@bugs.debian.org
.
(Tue, 19 Jun 2007 17:06:05 GMT) (full text, mbox, link).
Changed Bug title to `fix CVE-2007-1841' from `Racoon package update'.
Request was from dann frazier <dannf@debian.org>
to control@bugs.debian.org
.
(Tue, 19 Jun 2007 17:06:05 GMT) (full text, mbox, link).
Severity set to `important' from `normal'
Request was from dann frazier <dannf@debian.org>
to control@bugs.debian.org
.
(Tue, 19 Jun 2007 17:06:05 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>
:
Bug#423252
; Package racoon
.
(full text, mbox, link).
Acknowledgement sent to dann frazier <dannf@debian.org>
:
Extra info received and forwarded to list. Copy sent to Ganesan Rajagopal <rganesan@debian.org>
.
(full text, mbox, link).
Message #16 received at 423252@bugs.debian.org (full text, mbox, reply):
I've uploaded an NMU that fixes these bugs to the 7-day DELAYED queue.
Patch follows.
diff -u ipsec-tools-0.6.6/config.guess ipsec-tools-0.6.6/config.guess
--- ipsec-tools-0.6.6/config.guess
+++ ipsec-tools-0.6.6/config.guess
@@ -4,7 +4,7 @@
# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
# Inc.
-timestamp='2006-07-02'
+timestamp='2007-03-06'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -161,6 +161,7 @@
arm*) machine=arm-unknown ;;
sh4el) machine=shl-unknown ;;
sh4eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
@@ -780,7 +781,7 @@
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit ;;
- i*:MINGW*:*)
+ *:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
i*:windows32*:*)
@@ -790,12 +791,15 @@
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit ;;
- x86:Interix*:[3456]*)
- echo i586-pc-interix${UNAME_RELEASE}
- exit ;;
- EM64T:Interix*:[3456]*)
- echo x86_64-unknown-interix${UNAME_RELEASE}
- exit ;;
+ *:Interix*:[3456]*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ EM64T | authenticamd)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit ;;
@@ -950,6 +954,9 @@
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
exit ;;
+ xtensa:Linux:*:*)
+ echo xtensa-unknown-linux-gnu
+ exit ;;
i*86:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us. cd to the root directory to prevent
@@ -1208,6 +1215,15 @@
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
diff -u ipsec-tools-0.6.6/config.sub ipsec-tools-0.6.6/config.sub
--- ipsec-tools-0.6.6/config.sub
+++ ipsec-tools-0.6.6/config.sub
@@ -4,7 +4,7 @@
# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
# Inc.
-timestamp='2006-09-20'
+timestamp='2007-01-18'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -245,12 +245,12 @@
| bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
- | fr30 | frv \
+ | fido | fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | mcore \
+ | maxq | mb | microblaze | mcore | mep \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@@ -324,7 +324,7 @@
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
@@ -925,6 +925,9 @@
basic_machine=sh-hitachi
os=-hms
;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
sh64)
basic_machine=sh64-unknown
;;
@@ -1219,7 +1222,7 @@
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers*)
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1414,6 +1417,9 @@
m68*-cisco)
os=-aout
;;
+ mep-*)
+ os=-elf
+ ;;
mips*-cisco)
os=-elf
;;
diff -u ipsec-tools-0.6.6/debian/changelog ipsec-tools-0.6.6/debian/changelog
--- ipsec-tools-0.6.6/debian/changelog
+++ ipsec-tools-0.6.6/debian/changelog
@@ -1,3 +1,15 @@
+ipsec-tools (1:0.6.6-3.2) unstable; urgency=low
+
+ * Non-maintainer upload
+ * Fix remote DoS condition that makes it possible for remote attackers to
+ crash a tunnel. See CVE-2007-1841 (closes: #423252)
+ * Fix typo in initscript (s/force_reload/force-reload). Patch from
+ Robie Basak (closes: #380103)
+ * setkey does not honor both -FP and -F in a single run, split into
+ separate calls. Patch from Benjamin Sonntag (closes: #403511)
+
+ -- dann frazier <dannf@debian.org> Tue, 19 Jun 2007 11:26:58 -0600
+
ipsec-tools (1:0.6.6-3.1) unstable; urgency=low
* Non-maintainer upload to fix pending l10n issues.
diff -u ipsec-tools-0.6.6/debian/racoon.init ipsec-tools-0.6.6/debian/racoon.init
--- ipsec-tools-0.6.6/debian/racoon.init
+++ ipsec-tools-0.6.6/debian/racoon.init
@@ -74,7 +74,7 @@
echo "."
;;
- reload|force_reload|restart)
+ reload|force-reload|restart)
$0 stop
$0 start
;;
diff -u ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init
--- ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init
+++ ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init
@@ -26,13 +26,15 @@
;;
stop)
echo -n "Flushing IPsec SA/SP database: "
- $SETKEY -F -FP
+ $SETKEY -F
+ $SETKEY -FP
echo "done."
;;
restart|force-reload)
echo -n "Reloading IPsec SA/SP database: "
- $SETKEY -F -FP
$SETKEY -f $SETKEY_CONF
+ $SETKEY -F
+ $SETKEY -FP
echo "done."
;;
*)
only in patch4:
unchanged:
--- ipsec-tools-0.6.6.orig/src/racoon/isakmp_inf.c
+++ ipsec-tools-0.6.6/src/racoon/isakmp_inf.c
@@ -267,12 +267,12 @@
switch (np) {
case ISAKMP_NPTYPE_N:
- if (isakmp_info_recv_n(iph4, msg) < 0)
- goto end;
+ if ( encrypted )
+ isakmp_info_recv_n(iph4, msg);
break;
case ISAKMP_NPTYPE_D:
- if (isakmp_info_recv_d(iph4, msg) < 0)
- goto end;
+ if ( encrypted )
+ isakmp_info_recv_d(iph4, msg);
break;
case ISAKMP_NPTYPE_NONCE:
/* XXX to be 6.4.2 ike-01.txt */
--
dann frazier
Reply sent to dann frazier <dannf@debian.org>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Brian Haley <brian.haley@hp.com>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #21 received at 423252-close@bugs.debian.org (full text, mbox, reply):
Source: ipsec-tools
Source-Version: 1:0.6.6-3.2
We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:
ipsec-tools_0.6.6-3.2.diff.gz
to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.2.diff.gz
ipsec-tools_0.6.6-3.2.dsc
to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.2.dsc
ipsec-tools_0.6.6-3.2_ia64.deb
to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.2_ia64.deb
racoon_0.6.6-3.2_ia64.deb
to pool/main/i/ipsec-tools/racoon_0.6.6-3.2_ia64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 423252@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated ipsec-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 19 Jun 2007 11:26:58 -0600
Source: ipsec-tools
Binary: racoon ipsec-tools
Architecture: source ia64
Version: 1:0.6.6-3.2
Distribution: unstable
Urgency: low
Maintainer: Ganesan Rajagopal <rganesan@debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description:
ipsec-tools - IPsec tools for Linux
racoon - IPsec IKE keying daemon
Closes: 380103 403511 423252
Changes:
ipsec-tools (1:0.6.6-3.2) unstable; urgency=low
.
* Non-maintainer upload
* Fix remote DoS condition that makes it possible for remote attackers to
crash a tunnel. See CVE-2007-1841 (closes: #423252)
* Fix typo in initscript (s/force_reload/force-reload). Patch from
Robie Basak (closes: #380103)
* setkey does not honor both -FP and -F in a single run, split into
separate calls. Patch from Benjamin Sonntag (closes: #403511)
Files:
285514c87b93f422cfe6c8e82083d088 704 net extra ipsec-tools_0.6.6-3.2.dsc
323ac831e3e2ef177b5400169ec6f9c3 50068 net extra ipsec-tools_0.6.6-3.2.diff.gz
bfaa7738624f7c1e9a30c97472cfafd2 114868 net extra ipsec-tools_0.6.6-3.2_ia64.deb
444a3ebcad6e0a2acefb7692b9e04741 469174 net extra racoon_0.6.6-3.2_ia64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGeBaahuANDBmkLRkRAgFPAJ9ZQCpOy80u8ng5zxZ79+jjHka5oACeJ0k6
7BDAgU3wAjZ71UmJpTcTbbE=
=g94J
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 15 Sep 2007 07:28:28 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:15:18 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.