Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2007-1841

Published: 10/04/2007 Updated: 11/10/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Ipsec-tools

Vulnerability Summary

The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools prior to 0.6.7 allows remote malicious users to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.

Vulnerable Product Search on Vulmon Subscribe to Product

ipsec-tools ipsec-tools

Vendor Advisories

Debian CVElist Bug Report Logs: fix CVE-2007-1841
Debian Bug report logs - #423252 fix CVE-2007-1841 Package: racoon; Maintainer for racoon is ipsec-tools packagers <team+ipsec-tools@trackerdebianorg>; Source for racoon is src:ipsec-tools (PTS, buildd, popcon) Reported by: Brian Haley <brianhaley@hpcom> Date: Thu, 10 May 2007 20:54:05 UTC Severity: important ...
Ubuntu Security Notice: ipsec-tools vulnerability
A flaw was discovered in the IPSec key exchange server “racoon” Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service ...
Debian Security Advisories: DSA-1299-1 ipsec-tools -- missing input sanitising
It was discovered that a specially-crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service The oldstable distribution (sarge) isn't affected by this problem For the stable distribution (etch) this problem has been fixed in version 1:066-31 The unstable distribution (sid) will ...

References

NVD-CWE-noinfohttp://sourceforge.net/mailarchive/message.php?msg_name=20070406123739.GA1546%40zen.inchttp://sourceforge.net/project/shownotes.php?release_id=499192&group_id=74601http://secunia.com/advisories/24815http://www.ubuntu.com/usn/usn-450-1http://www.securityfocus.com/bid/23394http://secunia.com/advisories/24833http://secunia.com/advisories/24826http://www.novell.com/linux/security/advisories/2007_8_sr.htmlhttp://security.gentoo.org/glsa/glsa-200705-09.xmlhttp://secunia.com/advisories/25072http://secunia.com/advisories/25142https://rhn.redhat.com/errata/RHSA-2007-0342.htmlhttp://secunia.com/advisories/25322http://www.debian.org/security/2007/dsa-1299http://www.mandriva.com/security/advisories?name=MDKSA-2007:084http://www.securitytracker.com/id?1018086http://secunia.com/advisories/25560http://www.vupen.com/english/advisories/2007/1310https://exchange.xforce.ibmcloud.com/vulnerabilities/33541https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10504https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=423252https://usn.ubuntu.com/450-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook