fix CVE-2007-1841

Related Vulnerabilities: CVE-2007-1841  

Debian Bug report logs - #423252
fix CVE-2007-1841


Reported by: Brian Haley <brian.haley@hp.com>

Date: Thu, 10 May 2007 20:54:05 UTC

Severity: important

Found in version ipsec-tools/1:0.6.6-3.1

Fixed in version ipsec-tools/1:0.6.6-3.2

Done: dann frazier <dannf@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>:
Bug#423252; Package racoon.


Acknowledgement sent to Brian Haley <brian.haley@hp.com>:
New Bug report received and forwarded. Copy sent to Ganesan Rajagopal <rganesan@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Brian Haley <brian.haley@hp.com>
To: submit@bugs.debian.org
Subject: Racoon package update
Date: Thu, 10 May 2007 16:52:49 -0400

Package: racoon
Version: 1:0.6.6-3.1

There was a CVE entered recently about racoon/ipsec-tools:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841

Debian is vulnerable.  There is a new ipsec-tools source package on 
sourceforge (0.6.7) that fixes the vulnerability.



Bug 423252 cloned as bug 429711. Request was from dann frazier <dannf@debian.org> to control@bugs.debian.org. (Tue, 19 Jun 2007 17:06:05 GMT)


Changed Bug title to `fix CVE-2007-1841' from `Racoon package update'. Request was from dann frazier <dannf@debian.org> to control@bugs.debian.org. (Tue, 19 Jun 2007 17:06:05 GMT)


Severity set to `important' from `normal'. Request was from dann frazier <dannf@debian.org> to control@bugs.debian.org. (Tue, 19 Jun 2007 17:06:05 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Ganesan Rajagopal <rganesan@debian.org>:
Bug#423252; Package racoon.


Acknowledgement sent to dann frazier <dannf@debian.org>:
Extra info received and forwarded to list. Copy sent to Ganesan Rajagopal <rganesan@debian.org>.


Message #16 received at 423252@bugs.debian.org:

From: dann frazier <dannf@debian.org>
To: 423252@bugs.debian.org, 380103@bugs.debian.org, 403511@bugs.debian.org
Subject: NMU in delayed
Date: Tue, 19 Jun 2007 11:50:57 -0600

I've uploaded an NMU that fixes these bugs to the 7-day DELAYED queue.
Patch follows.

diff -u ipsec-tools-0.6.6/config.guess ipsec-tools-0.6.6/config.guess
--- ipsec-tools-0.6.6/config.guess
+++ ipsec-tools-0.6.6/config.guess
@@ -4,7 +4,7 @@
 #   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
 #   Inc.
 
-timestamp='2006-07-02'
+timestamp='2007-03-06'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -161,6 +161,7 @@
 	    arm*) machine=arm-unknown ;;
 	    sh4el) machine=shl-unknown ;;
 	    sh4eb) machine=sh-unknown ;;
+	    sh5el) machine=sh5le-unknown ;;
 	    *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
 	esac
 	# The Operating System including object format, if it has switched
@@ -780,7 +781,7 @@
     i*:CYGWIN*:*)
 	echo ${UNAME_MACHINE}-pc-cygwin
 	exit ;;
-    i*:MINGW*:*)
+    *:MINGW*:*)
 	echo ${UNAME_MACHINE}-pc-mingw32
 	exit ;;
     i*:windows32*:*)
@@ -790,12 +791,15 @@
     i*:PW*:*)
 	echo ${UNAME_MACHINE}-pc-pw32
 	exit ;;
-    x86:Interix*:[3456]*)
-	echo i586-pc-interix${UNAME_RELEASE}
-	exit ;;
-    EM64T:Interix*:[3456]*)
-	echo x86_64-unknown-interix${UNAME_RELEASE}
-	exit ;;
+    *:Interix*:[3456]*)
+    	case ${UNAME_MACHINE} in
+	    x86) 
+		echo i586-pc-interix${UNAME_RELEASE}
+		exit ;;
+	    EM64T | authenticamd)
+		echo x86_64-unknown-interix${UNAME_RELEASE}
+		exit ;;
+	esac ;;
     [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
 	echo i${UNAME_MACHINE}-pc-mks
 	exit ;;
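Review bot: The new `*:Interix*:[3456]*)` branch wraps an inner `case ${UNAME_MACHINE}` that has no default arm, so an Interix machine value other than `x86`, `EM64T` or `authenticamd` now matches this branch, prints nothing, and leaves the outer case without trying the later patterns; the two removed patterns matched only `x86` and `EM64T`. If that fall-through is intended, a comment saying so would help. The hunk also mixes spaces and a tab before `case` and leaves a trailing space after `x86)`.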
@@ -950,6 +954,9 @@
     x86_64:Linux:*:*)
 	echo x86_64-unknown-linux-gnu
 	exit ;;
+    xtensa:Linux:*:*)
+    	echo xtensa-unknown-linux-gnu
+	exit ;;
     i*86:Linux:*:*)
 	# The BFD linker knows what the default object file format is, so
 	# first see if it will tell us. cd to the root directory to prevent
@@ -1208,6 +1215,15 @@
     SX-6:SUPER-UX:*:*)
 	echo sx6-nec-superux${UNAME_RELEASE}
 	exit ;;
+    SX-7:SUPER-UX:*:*)
+	echo sx7-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8:SUPER-UX:*:*)
+	echo sx8-nec-superux${UNAME_RELEASE}
+	exit ;;
+    SX-8R:SUPER-UX:*:*)
+	echo sx8r-nec-superux${UNAME_RELEASE}
+	exit ;;
     Power*:Rhapsody:*:*)
 	echo powerpc-apple-rhapsody${UNAME_RELEASE}
 	exit ;;
diff -u ipsec-tools-0.6.6/config.sub ipsec-tools-0.6.6/config.sub
--- ipsec-tools-0.6.6/config.sub
+++ ipsec-tools-0.6.6/config.sub
@@ -4,7 +4,7 @@
 #   2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
 #   Inc.
 
-timestamp='2006-09-20'
+timestamp='2007-01-18'
 
 # This file is (in principle) common to ALL GNU software.
 # The presence of a machine in this file suggests that SOME GNU software
@@ -245,12 +245,12 @@
 	| bfin \
 	| c4x | clipper \
 	| d10v | d30v | dlx | dsp16xx \
-	| fr30 | frv \
+	| fido | fr30 | frv \
 	| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
 	| i370 | i860 | i960 | ia64 \
 	| ip2k | iq2000 \
 	| m32c | m32r | m32rle | m68000 | m68k | m88k \
-	| maxq | mb | microblaze | mcore \
+	| maxq | mb | microblaze | mcore | mep \
 	| mips | mipsbe | mipseb | mipsel | mipsle \
 	| mips16 \
 	| mips64 | mips64el \
@@ -324,7 +324,7 @@
 	| clipper-* | craynv-* | cydra-* \
 	| d10v-* | d30v-* | dlx-* \
 	| elxsi-* \
-	| f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
 	| h8300-* | h8500-* \
 	| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
 	| i*86-* | i860-* | i960-* | ia64-* \
@@ -925,6 +925,9 @@
 		basic_machine=sh-hitachi
 		os=-hms
 		;;
+	sh5el)
+		basic_machine=sh5le-unknown
+		;;
 	sh64)
 		basic_machine=sh64-unknown
 		;;
@@ -1219,7 +1222,7 @@
 	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
 	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
 	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
-	      | -skyos* | -haiku* | -rdos* | -toppers*)
+	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
 	# Remember, each alternative MUST END IN *, to match a version number.
 		;;
 	-qnx*)
@@ -1414,6 +1417,9 @@
 	m68*-cisco)
 		os=-aout
 		;;
+        mep-*)
+		os=-elf
+		;;
 	mips*-cisco)
 		os=-elf
 		;;
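Review bot: The `mep-*)` addition, like the other config.sub and config.guess hunks, is a refresh of the autotools helper scripts (timestamps move to 2007-01-18 and 2007-03-06) that none of the three items in the new debian/changelog entry mentions. In an NMU that carries a CVE fix, either drop these hunks or list the refresh in the changelog so the security change stays easy to audit. The added `mep-*)` line is also indented with spaces where the neighbouring patterns use a tab.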
diff -u ipsec-tools-0.6.6/debian/changelog ipsec-tools-0.6.6/debian/changelog
--- ipsec-tools-0.6.6/debian/changelog
+++ ipsec-tools-0.6.6/debian/changelog
@@ -1,3 +1,15 @@
+ipsec-tools (1:0.6.6-3.2) unstable; urgency=low
+
+  * Non-maintainer upload
+  * Fix remote DoS condition that makes it possible for remote attackers to
+    crash a tunnel. See CVE-2007-1841 (closes: #423252)
+  * Fix typo in initscript (s/force_reload/force-reload). Patch from
+    Robie Basak (closes: #380103)
+  * setkey does not honor both -FP and -F in a single run, split into
+    separate calls. Patch from Benjamin Sonntag (closes: #403511)
+
+ -- dann frazier <dannf@debian.org>  Tue, 19 Jun 2007 11:26:58 -0600
+
 ipsec-tools (1:0.6.6-3.1) unstable; urgency=low
 
   * Non-maintainer upload to fix pending l10n issues.
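Review bot: The new entry's header says `urgency=low` although its first fix is described as a remote DoS that lets remote attackers crash a tunnel (CVE-2007-1841); a higher urgency would match that item.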
diff -u ipsec-tools-0.6.6/debian/racoon.init ipsec-tools-0.6.6/debian/racoon.init
--- ipsec-tools-0.6.6/debian/racoon.init
+++ ipsec-tools-0.6.6/debian/racoon.init
@@ -74,7 +74,7 @@
 	        echo "."
         	;;
          
-	  reload|force_reload|restart)
+	  reload|force-reload|restart)
                 $0 stop
         	$0 start
 	        ;;
diff -u ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init
--- ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init
+++ ipsec-tools-0.6.6/debian/ipsec-tools.setkey.init
@@ -26,13 +26,15 @@
 	;;
   stop)
 	echo -n "Flushing IPsec SA/SP database: "
-	$SETKEY -F -FP
+	$SETKEY -F 
+	$SETKEY -FP
 	echo "done."
 	;;
   restart|force-reload)
 	echo -n "Reloading IPsec SA/SP database: "
-	$SETKEY -F -FP
 	$SETKEY -f $SETKEY_CONF
+	$SETKEY -F 
+	$SETKEY -FP
 	echo "done."
 	;;
   *)
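Review bot: In the `restart|force-reload` branch the flush now runs after the load: `$SETKEY -f $SETKEY_CONF` is followed by `$SETKEY -F` and `$SETKEY -FP`, so the entries just loaded from `$SETKEY_CONF` would be flushed again, whereas the removed line flushed first and loaded second. Move the two flush calls above the `-f $SETKEY_CONF` line so the branch still ends with the configuration loaded, and drop the trailing space after `$SETKEY -F` in both branches.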
only in patch4:
unchanged:
--- ipsec-tools-0.6.6.orig/src/racoon/isakmp_inf.c
+++ ipsec-tools-0.6.6/src/racoon/isakmp_inf.c
@@ -267,12 +267,12 @@
 
 	switch (np) {
 	case ISAKMP_NPTYPE_N:
-		if (isakmp_info_recv_n(iph4, msg) < 0)
-			goto end;
+		if ( encrypted )
+			isakmp_info_recv_n(iph4, msg);
 		break;
 	case ISAKMP_NPTYPE_D:
-		if (isakmp_info_recv_d(iph4, msg) < 0)
-			goto end;
+		if ( encrypted )
+			isakmp_info_recv_d(iph4, msg);
 		break;
 	case ISAKMP_NPTYPE_NONCE:
 		/* XXX to be 6.4.2 ike-01.txt */
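Review bot: The new calls `isakmp_info_recv_n(iph4, msg);` and `isakmp_info_recv_d(iph4, msg);` discard the return value that the removed lines checked with `< 0` and `goto end`, so an error while handling an encrypted notification or delete payload no longer stops processing of the message; if that is deliberate, say so in a comment, otherwise keep the check inside the `if ( encrypted )` body. The `encrypted` variable is neither declared nor set in the visible context, so the hunk cannot be reviewed on its own: the part of the patch that derives it from the received message should be shown alongside. When `encrypted` is false the payload is skipped silently; a log line at that point would let operators see dropped unencrypted N/D payloads. The `if ( encrypted )` spacing also differs from the `if (...)` style of the lines it replaces.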

-- 
dann frazier




Reply sent to dann frazier <dannf@debian.org>:
You have taken responsibility.


Notification sent to Brian Haley <brian.haley@hp.com>:
Bug acknowledged by developer.


Message #21 received at 423252-close@bugs.debian.org:

From: dann frazier <dannf@debian.org>
To: 423252-close@bugs.debian.org
Subject: Bug#423252: fixed in ipsec-tools 1:0.6.6-3.2
Date: Mon, 25 Jun 2007 20:32:05 +0000

Source: ipsec-tools
Source-Version: 1:0.6.6-3.2

We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:

ipsec-tools_0.6.6-3.2.diff.gz
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.2.diff.gz
ipsec-tools_0.6.6-3.2.dsc
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.2.dsc
ipsec-tools_0.6.6-3.2_ia64.deb
  to pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.2_ia64.deb
racoon_0.6.6-3.2_ia64.deb
  to pool/main/i/ipsec-tools/racoon_0.6.6-3.2_ia64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 423252@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
dann frazier <dannf@debian.org> (supplier of updated ipsec-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 19 Jun 2007 11:26:58 -0600
Source: ipsec-tools
Binary: racoon ipsec-tools
Architecture: source ia64
Version: 1:0.6.6-3.2
Distribution: unstable
Urgency: low
Maintainer: Ganesan Rajagopal <rganesan@debian.org>
Changed-By: dann frazier <dannf@debian.org>
Description: 
 ipsec-tools - IPsec tools for Linux
 racoon     - IPsec IKE keying daemon
Closes: 380103 403511 423252
Changes: 
 ipsec-tools (1:0.6.6-3.2) unstable; urgency=low
 .
   * Non-maintainer upload
   * Fix remote DoS condition that makes it possible for remote attackers to
     crash a tunnel. See CVE-2007-1841 (closes: #423252)
   * Fix typo in initscript (s/force_reload/force-reload). Patch from
     Robie Basak (closes: #380103)
   * setkey does not honor both -FP and -F in a single run, split into
     separate calls. Patch from Benjamin Sonntag (closes: #403511)
Files: 
 285514c87b93f422cfe6c8e82083d088 704 net extra ipsec-tools_0.6.6-3.2.dsc
 323ac831e3e2ef177b5400169ec6f9c3 50068 net extra ipsec-tools_0.6.6-3.2.diff.gz
 bfaa7738624f7c1e9a30c97472cfafd2 114868 net extra ipsec-tools_0.6.6-3.2_ia64.deb
 444a3ebcad6e0a2acefb7692b9e04741 469174 net extra racoon_0.6.6-3.2_ia64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGeBaahuANDBmkLRkRAgFPAJ9ZQCpOy80u8ng5zxZ79+jjHka5oACeJ0k6
7BDAgU3wAjZ71UmJpTcTbbE=
=g94J
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 15 Sep 2007 07:28:28 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:15:18 2019; Machine Name: buxtehude