The remote host is missing updates announced in advisory GLSA 200404-17.

ipsec-tools users should upgrade to version 0.2.5 or later: # emerge sync # emerge -pv '>=net-firewall/ipsec-tools-0.3.1' # emerge '>=net-firewall/ipsec-tools-0.3.1' iputils users should upgrade to version 021109-r3 or later: # emerge sync # emerge -pv '>=net-misc/iputils-021109-r3' # emerge '>=net-misc/iputils-021109-r3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-17 http://bugs.gentoo.org/show_bug.cgi?id=48847 http://ipsec-tools.sourceforge.net/

racoon, which is included in the ipsec-tools and iputils packages in Portage, does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resoources, causing a Denial of Service.