Vigil@nce: RHEL, multiple vunerabilities in ipsec-tools
August 2008 by Vigil@nce
Several vulnerabilities has been discovered in ipsec-tools.
– Gravity: 2/4
– Consequences: denial of service of service
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 27/08/2008
– Identifier: VIGILANCE-VUL-8060
IMPACTED PRODUCTS
- Red Hat Enterprise Linux [confidential versions]
DESCRIPTION
Two vulnerabilities have been discovered in ipsec-tools/racoon.
Because of a coding issue in the file "src/racoon/handler.c" (not
freeing ressources), a remote attacker can force the "IPsec-Tools
Racoon" daemon to consume all available memory and thus generate a
denial of service. [grav:2/4; CVE-2008-3652, RHSA-2008:0849-5]
Because of a coding issue in the file "racoon/proposal.c" (not
freeing ressources), a remote attacker can force the "IPsec-Tools
Racoon" daemon to consume all available memory and thus generate a
denial of service. [grav:2/4; CVE-2008-3651, RHSA-2008:0849-5]
CHARACTERISTICS
– Identifiers: CVE-2008-3651, CVE-2008-3652, RHSA-2008:0849-5,
VIGILANCE-VUL-8060
– Url: https://vigilance.aql.fr/tree/1/8060