IPSec-Tools Memory Leakage Vulnerability Network Vulnerability

Summary

This host is installed with IPSec-Tools for Linux and is prone to Memory Leakage Vulnerability.

Impact

Successful exploitation will let the attacker cause multiple memory leaks or memory consumption through signature verification during user authentication with X.509 certificates. Impact level: System/Application

Solution

Upgrade to the latest version 0.7.2 http://ipsec-tools.sourceforge.net

Insight

Multiple memory leaks are cause due to error in eay_check_x509sign function in 'src/racoon/crypto_openssl.c' and NAT Traversal keepalive implementation in 'src/racoon/nattraversal.c' files.

Affected

IPsec Tools version prior to 0.7.2

References

http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611
http://www.openwall.com/lists/oss-security/2009/05/12/3

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1632
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Cherokee POST request DoS
ddrLPD Remote Denial of Service Vulnerability
Comodo Internet Security Denial of Service Vulnerability-01
Apple Safari JavaScript 'Reload()' DoS Vulnerability - July09
Crash SMC AP

Take action and discover your vulnerabilities