{"id": "ABCACB5A-E7F1-11DD-AFCD-00E0815B8DA8", "bulletinFamily": "unix", "title": "ipset-tools -- Denial of Service Vulnerabilities", "description": "\nSecurityFocus reports:\n\nIPsec-Tools is affected by multiple remote denial-of-service\n\t vulnerabilities because the software fails to properly handle\n\t certain network packets.\nA successful attack allows a remote attacker to crash the\n\t software, denying further service to legitimate users.\n\n", "published": "2008-07-28T00:00:00", "modified": "2008-07-28T00:00:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://vuxml.freebsd.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html", "reporter": "FreeBSD", "references": ["http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2"], "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "type": "freebsd", "lastseen": "2019-05-29T18:34:18", "history": [{"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "ipsec-tools", "packageVersion": "0.7.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "\nSecurityFocus reports:\n\nIPsec-Tools is affected by multiple remote denial-of-service\n\t vulnerabilities because the software fails to properly handle\n\t certain network packets.\nA successful attack allows a remote attacker to crash the\n\t software, denying further service to legitimate users.\n\n", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "fda754bd6039fc45af1ac324630eabd2f2e8303ef5d3893ec315b0547d558a78", "hashmap": [{"hash": "4bb9ad9498e292d3c95e070688552b59", "key": "href"}, {"hash": "bfc36239dc63984a3ea8beb6b276beaa", "key": "references"}, {"hash": "ad2727bf8c1335ccf389d60371bd817e", "key": "affectedPackage"}, {"hash": "ff5029a7013a0eb8c7fab159fd743a51", "key": "description"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "8725f4851299d6c728c217f47ebd4ec9", "key": "title"}, {"hash": "3007d8cd48fb4753aba211dfaa800894", "key": "cvelist"}, {"hash": "b0bb17fcf39959f74606f8d54069112b", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "b0bb17fcf39959f74606f8d54069112b", "key": "published"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html", "id": "ABCACB5A-E7F1-11DD-AFCD-00E0815B8DA8", "lastseen": "2018-08-30T19:15:36", "modified": "2008-07-28T00:00:00", "objectVersion": "1.3", "published": "2008-07-28T00:00:00", "references": ["http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2"], "reporter": "FreeBSD", "title": "ipset-tools -- Denial of Service Vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:15:36"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "ipsec-tools", "packageVersion": "0.7.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "\nSecurityFocus reports:\n\nIPsec-Tools is affected by multiple remote denial-of-service\n\t vulnerabilities because the software fails to properly handle\n\t certain network packets.\nA successful attack allows a remote attacker to crash the\n\t software, denying further service to legitimate users.\n\n", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-08-31T01:15:28", "references": [{"idList": ["GLSA-200812-03"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:VULN:9251", "SECURITYVULNS:VULN:9907", "SECURITYVULNS:DOC:21825", "SECURITYVULNS:DOC:20428"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310880153", "OPENVAS:880153", "OPENVAS:1361412562310880133", "OPENVAS:1361412562310870155", "OPENVAS:1361412562310122559", "OPENVAS:1361412562310830488", "OPENVAS:65306", "OPENVAS:840260", "OPENVAS:65953", "OPENVAS:61942"], "type": "openvas"}, {"idList": ["CESA-2008:0849"], "type": "centos"}, {"idList": ["CVE-2008-3652", "CVE-2008-3651"], "type": "cve"}, {"idList": ["FREEBSD_PKG_ABCACB5AE7F111DDAFCD00E0815B8DA8.NASL", "SUSE_NOVELL-IPSEC-TOOLS-5887.NASL", "SUSE_11_0_NOVELL-IPSEC-TOOLS-081220.NASL", "FEDORA_2008-9016.NASL", "SUSE_IPSEC-TOOLS-5638.NASL", "CENTOS_RHSA-2008-0849.NASL", "UBUNTU_USN-641-1.NASL", "GENTOO_GLSA-200812-03.NASL", "SUSE_NOVELL-IPSEC-TOOLS-5888.NASL", "FEDORA_2008-9007.NASL"], "type": "nessus"}, {"idList": ["ELSA-2008-0849"], "type": "oraclelinux"}, {"idList": ["SSV:4522"], "type": "seebug"}, {"idList": ["USN-641-1"], "type": "ubuntu"}, {"idList": ["RHSA-2008:0849"], "type": "redhat"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "b0abece52c19f767c977f36a49200346bfd3b0b6518ead1e7fe9a3c0a98d38a0", "hashmap": [{"hash": "4bb9ad9498e292d3c95e070688552b59", "key": "href"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "bfc36239dc63984a3ea8beb6b276beaa", "key": "references"}, {"hash": "ad2727bf8c1335ccf389d60371bd817e", "key": "affectedPackage"}, {"hash": "ff5029a7013a0eb8c7fab159fd743a51", "key": "description"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "8725f4851299d6c728c217f47ebd4ec9", "key": "title"}, {"hash": "3007d8cd48fb4753aba211dfaa800894", "key": "cvelist"}, {"hash": "b0bb17fcf39959f74606f8d54069112b", "key": "modified"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "b0bb17fcf39959f74606f8d54069112b", "key": "published"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html", "id": "ABCACB5A-E7F1-11DD-AFCD-00E0815B8DA8", "lastseen": "2018-08-31T01:15:28", "modified": "2008-07-28T00:00:00", "objectVersion": "1.3", "published": "2008-07-28T00:00:00", "references": ["http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2"], "reporter": "FreeBSD", "title": "ipset-tools -- Denial of Service Vulnerabilities", "type": "freebsd", "viewCount": 2}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-31T01:15:28"}, {"bulletin": {"affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "ipsec-tools", "packageVersion": "0.7.1"}], "bulletinFamily": "unix", "cvelist": ["CVE-2008-3652", "CVE-2008-3651"], "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "description": "\nSecurityFocus reports:\n\nIPsec-Tools is affected by multiple remote denial-of-service\n\t vulnerabilities because the software fails to properly handle\n\t certain network packets.\nA successful attack allows a remote attacker to crash the\n\t software, denying further service to legitimate users.\n\n", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "b0abece52c19f767c977f36a49200346bfd3b0b6518ead1e7fe9a3c0a98d38a0", "hashmap": [{"hash": "4bb9ad9498e292d3c95e070688552b59", "key": "href"}, {"hash": "ed3111898fb94205e2b64cefef5a2081", "key": "cvss"}, {"hash": "bfc36239dc63984a3ea8beb6b276beaa", "key": "references"}, {"hash": "ad2727bf8c1335ccf389d60371bd817e", "key": "affectedPackage"}, {"hash": "ff5029a7013a0eb8c7fab159fd743a51", "key": "description"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "8725f4851299d6c728c217f47ebd4ec9", "key": "title"}, {"hash": "3007d8cd48fb4753aba211dfaa800894", "key": "cvelist"}, {"hash": "b0bb17fcf39959f74606f8d54069112b", "key": "modified"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "b0bb17fcf39959f74606f8d54069112b", "key": "published"}], "history": [], "href": "https://vuxml.freebsd.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html", "id": "ABCACB5A-E7F1-11DD-AFCD-00E0815B8DA8", "lastseen": "2016-09-26T17:24:54", "modified": "2008-07-28T00:00:00", "objectVersion": "1.2", "published": "2008-07-28T00:00:00", "references": ["http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2"], "reporter": "FreeBSD", "title": "ipset-tools -- Denial of Service Vulnerabilities", "type": "freebsd", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-09-26T17:24:54"}], "edition": 4, "hashmap": [{"key": "affectedPackage", "hash": "ad2727bf8c1335ccf389d60371bd817e"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "3007d8cd48fb4753aba211dfaa800894"}, {"key": "cvss", "hash": "5a4bd22c495ccbe3aa9b54cab81d2473"}, {"key": "description", "hash": "ff5029a7013a0eb8c7fab159fd743a51"}, {"key": "href", "hash": "4bb9ad9498e292d3c95e070688552b59"}, {"key": "modified", "hash": "b0bb17fcf39959f74606f8d54069112b"}, {"key": "published", "hash": "b0bb17fcf39959f74606f8d54069112b"}, {"key": "references", "hash": "bfc36239dc63984a3ea8beb6b276beaa"}, {"key": "reporter", "hash": "a3dc630729e463135f4e608954fa6e19"}, {"key": "title", "hash": "8725f4851299d6c728c217f47ebd4ec9"}, {"key": "type", "hash": "1527e888767cdce15d200b870b39cfd0"}], "hash": "30872a61f1a795d93bf82d14065b6444815a5e3ee8f1e282ebb39b6bde150aaf", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-3651", "CVE-2008-3652"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20428", "SECURITYVULNS:VULN:9251", "SECURITYVULNS:VULN:9907", "SECURITYVULNS:DOC:21825"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0849"]}, {"type": "openvas", "idList": ["OPENVAS:61942", "OPENVAS:880133", "OPENVAS:880153", "OPENVAS:860020", "OPENVAS:136141256231063280", "OPENVAS:870155", "OPENVAS:860826", "OPENVAS:1361412562310880133", "OPENVAS:1361412562310880153", "OPENVAS:830488"]}, {"type": "nessus", "idList": ["SUSE9_12259.NASL", "SL_20080826_IPSEC_TOOLS_ON_SL3_X.NASL", "GENTOO_GLSA-200812-03.NASL", "UBUNTU_USN-641-1.NASL", "SUSE_NOVELL-IPSEC-TOOLS-5888.NASL", "FEDORA_2008-9016.NASL", "SUSE_11_0_IPSEC-TOOLS-080925.NASL", "FREEBSD_PKG_ABCACB5AE7F111DDAFCD00E0815B8DA8.NASL", "SUSE_IPSEC-TOOLS-5630.NASL", "SUSE_11_0_NOVELL-IPSEC-TOOLS-081220.NASL"]}, {"type": "centos", "idList": ["CESA-2008:0849"]}, {"type": "redhat", "idList": ["RHSA-2008:0849"]}, {"type": "ubuntu", "idList": ["USN-641-1"]}, {"type": "seebug", "idList": ["SSV:4522"]}, {"type": "gentoo", "idList": ["GLSA-200812-03"]}], "modified": "2019-05-29T18:34:18"}, "score": {"value": 6.1, "vector": "NONE", "modified": "2019-05-29T18:34:18"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "ipsec-tools", "packageVersion": "0.7.1"}], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-3651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3651", "published": "2008-08-13T01:41:00", "title": "CVE-2008-3651", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:09:27", "bulletinFamily": "NVD", "description": "src/racoon/handler.c in racoon in ipsec-tools does not remove an \"orphaned ph1\" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).", "modified": "2017-09-29T01:31:00", "id": "CVE-2008-3652", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3652", "published": "2008-08-13T01:41:00", "title": "CVE-2008-3652", "type": "cve", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:49:41", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200812-03.", "modified": "2017-07-07T00:00:00", "published": "2008-12-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=61942", "id": "OPENVAS:61942", "title": "Gentoo Security Advisory GLSA 200812-03 (ipsec-tools)", "type": "openvas", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"IPsec-Tools' racoon is affected by a remote Denial of Service\nvulnerability.\";\ntag_solution = \"All IPsec-Tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-firewall/ipsec-tools-0.7.1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=232831\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200812-03.\";\n\n \n \n\nif(description)\n{\n script_id(61942);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-12-03 18:25:22 +0100 (Wed, 03 Dec 2008)\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200812-03 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-firewall/ipsec-tools\", unaffected: make_list(\"ge 0.7.1\"), vulnerable: make_list(\"lt 0.7.1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880153", "id": "OPENVAS:880153", "title": "CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015208.html\");\n script_id(880153);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0849\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"CentOS Update for ipsec-tools CESA-2008:0849 centos3 x86_64\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:08", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880133", "id": "OPENVAS:880133", "title": "CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015207.html\");\n script_id(880133);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0849\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:14", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870155", "id": "OPENVAS:1361412562310870155", "title": "RedHat Update for ipsec-tools RHSA-2008:0849-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ipsec-tools RHSA-2008:0849-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00019.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870155\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0849-01\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"RedHat Update for ipsec-tools RHSA-2008:0849-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:31", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880133", "id": "OPENVAS:1361412562310880133", "type": "openvas", "title": "CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on CentOS 3\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-August/015207.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880133\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 09:02:20 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"CESA\", value: \"2008:0849\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"CentOS Update for ipsec-tools CESA-2008:0849 centos3 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"CentOS3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:11", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860826", "id": "OPENVAS:860826", "title": "Fedora Update for ipsec-tools FEDORA-2008-9007", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ipsec-tools FEDORA-2008-9007\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is the IPsec-Tools package. You need this package in order to\n really use the IPsec functionality in the linux-2.5+ kernels. This\n package builds:\n\n \t- setkey, a program to directly manipulate policies and SAs\n \t- racoon, an IKEv1 keying daemon\";\n\ntag_affected = \"ipsec-tools on Fedora 9\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00129.html\");\n script_id(860826);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:07:33 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-9007\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Fedora Update for ipsec-tools FEDORA-2008-9007\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.1~5.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:38", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870155", "id": "OPENVAS:870155", "title": "RedHat Update for ipsec-tools RHSA-2008:0849-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ipsec-tools RHSA-2008:0849-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The ipsec-tools package is used in conjunction with the IPsec functionality\n in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\n Two denial of service flaws were found in the ipsec-tools racoon daemon. It\n was possible for a remote attacker to cause the racoon daemon to consume\n all available memory. (CVE-2008-3651, CVE-2008-3652)\n \n Users of ipsec-tools should upgrade to this updated package, which contains\n backported patches that resolve these issues.\";\n\ntag_affected = \"ipsec-tools on Red Hat Enterprise Linux AS version 3,\n Red Hat Enterprise Linux ES version 3,\n Red Hat Enterprise Linux WS version 3,\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-August/msg00019.html\");\n script_id(870155);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0849-01\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"RedHat Update for ipsec-tools RHSA-2008:0849-01\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.6.5~9.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.3.3~7.el4_7\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_3\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.2.5~0.7.rhel3.5\", rls:\"RHENT_3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2008-0849", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122559", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122559", "title": "Oracle Linux Local Check: ELSA-2008-0849", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0849.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122559\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:47:58 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0849\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0849 - ipsec-tools security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0849\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0849.html\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~9.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2017-07-24T12:56:24", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830488", "id": "OPENVAS:830488", "title": "Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Two denial of service vulnerabilities were discovered in the\n ipsec-tools racoon daemon, which could allow a remote attacker to cause\n it to consume all available memory (CVE-2008-3651, CVE-2008-3652).\n\n The updated packages have been patched to prevent these issues.\";\n\ntag_affected = \"ipsec-tools on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-08/msg00027.php\");\n script_id(830488);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:181\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Mandriva Update for ipsec-tools MDVSA-2008:181 (ipsec-tools)\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.6~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.7~1.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7~1.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:40", "bulletinFamily": "scanner", "description": "Check for the Version of ipsec-tools", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860020", "id": "OPENVAS:860020", "title": "Fedora Update for ipsec-tools FEDORA-2008-9016", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ipsec-tools FEDORA-2008-9016\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This is the IPsec-Tools package. You need this package in order to\n really use the IPsec functionality in the linux-2.5+ kernels. This\n package builds:\n\n \t- setkey, a program to directly manipulate policies and SAs\n \t- racoon, an IKEv1 keying daemon\";\n\ntag_affected = \"ipsec-tools on Fedora 8\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00190.html\");\n script_id(860020);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:07:33 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-9016\");\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_name( \"Fedora Update for ipsec-tools FEDORA-2008-9016\");\n\n script_summary(\"Check for the Version of ipsec-tools\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.1~5.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:17:06", "bulletinFamily": "scanner", "description": "Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)", "modified": "2019-01-07T00:00:00", "id": "SL_20080826_IPSEC_TOOLS_ON_SL3_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60468", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : ipsec-tools on SL3.x, SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60468);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"Scientific Linux Security Update : ipsec-tools on SL3.x, SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two denial of service flaws were found in the ipsec-tools racoon\ndaemon. It was possible for a remote attacker to cause the racoon\ndaemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0808&L=scientific-linux-errata&T=0&P=2045\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a0945a57\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL3\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\n\nif (rpm_check(release:\"SL4\", reference:\"ipsec-tools-0.3.3-7.el4_7\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:10", "bulletinFamily": "scanner", "description": "It was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets. If a remote attacker sent repeated malicious requests, the 'racoon' key exchange server could allocate large amounts of memory, possibly leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-641-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34116", "published": "2008-09-09T00:00:00", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ipsec-tools vulnerabilities (USN-641-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-641-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34116);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"USN\", value:\"641-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ipsec-tools vulnerabilities (USN-641-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were multiple ways to leak memory during\nthe IKE negotiation when handling certain packets. If a remote\nattacker sent repeated malicious requests, the 'racoon' key exchange\nserver could allocate large amounts of memory, possibly leading to a\ndenial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/641-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools and / or racoon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:racoon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/09/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ipsec-tools\", pkgver:\"0.6.5-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"racoon\", pkgver:\"1:0.6.5-4ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ipsec-tools\", pkgver:\"0.6.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"racoon\", pkgver:\"1:0.6.6-3ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ipsec-tools\", pkgver:\"0.6.6-3.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"racoon\", pkgver:\"1:0.6.6-3.1ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ipsec-tools\", pkgver:\"0.6.7-1.1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"racoon\", pkgver:\"1:0.6.7-1.1ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools / racoon\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:25", "bulletinFamily": "scanner", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it. (CVE-2008-3651, CVE-2008-3652)", "modified": "2016-12-21T00:00:00", "id": "SUSE9_12259.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41246", "published": "2009-09-24T00:00:00", "title": "SuSE9 Security Update : ipsec-tools (YOU Patch Number 12259)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41246);\n script_version(\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:33:29 $\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"SuSE9 Security Update : ipsec-tools (YOU Patch Number 12259)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it. (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3651.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3652.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12259.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"ipsec-tools-0.3.3-1.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:14:27", "bulletinFamily": "scanner", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it. (CVE-2008-3651 / CVE-2008-3652)", "modified": "2016-12-22T00:00:00", "id": "SUSE_NOVELL-IPSEC-TOOLS-5888.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=51758", "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : novell-ipsec (ZYPP Patch Number 5888)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51758);\n script_version (\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:28 $\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"SuSE 10 Security Update : novell-ipsec (ZYPP Patch Number 5888)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it. (CVE-2008-3651 / CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3651.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-3652.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5888.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"novell-ipsec-tools-0.6.3-26.23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:22", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200812-03 (IPsec-Tools: racoon Denial of Service)\n\n Two Denial of Service vulnerabilities have been reported in racoon:\n The vendor reported a memory leak in racoon/proposal.c that can be triggered via invalid proposals (CVE-2008-3651).\n Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not remove an 'orphaned ph1' (phase 1) handle when it has been initiated remotely (CVE-2008-3652).\n Impact :\n\n An attacker could exploit these vulnerabilities to cause a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-07-11T00:00:00", "id": "GENTOO_GLSA-200812-03.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35020", "published": "2008-12-03T00:00:00", "title": "GLSA-200812-03 : IPsec-Tools: racoon Denial of Service", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200812-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35020);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"GLSA\", value:\"200812-03\");\n\n script_name(english:\"GLSA-200812-03 : IPsec-Tools: racoon Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200812-03\n(IPsec-Tools: racoon Denial of Service)\n\n Two Denial of Service vulnerabilities have been reported in racoon:\n The vendor reported a memory leak in racoon/proposal.c that can be\n triggered via invalid proposals (CVE-2008-3651).\n Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not\n remove an 'orphaned ph1' (phase 1) handle when it has been initiated\n remotely (CVE-2008-3652).\n \nImpact :\n\n An attacker could exploit these vulnerabilities to cause a Denial of\n Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200812-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All IPsec-Tools users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-firewall/ipsec-tools-0.7.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/12/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-firewall/ipsec-tools\", unaffected:make_list(\"ge 0.7.1\"), vulnerable:make_list(\"lt 0.7.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"IPsec-Tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:18", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0849 :\n\nAn updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2008-0849.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67741", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 3 / 4 / 5 : ipsec-tools (ELSA-2008-0849)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0849 and \n# Oracle Linux Security Advisory ELSA-2008-0849 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67741);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"RHSA\", value:\"2008:0849\");\n\n script_name(english:\"Oracle Linux 3 / 4 / 5 : ipsec-tools (ELSA-2008-0849)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0849 :\n\nAn updated ipsec-tools package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon\ndaemon. It was possible for a remote attacker to cause the racoon\ndaemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000715.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000716.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-August/000717.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\n\nif (rpm_check(release:\"EL4\", reference:\"ipsec-tools-0.3.3-7.el4_7\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:09", "bulletinFamily": "scanner", "description": "An updated ipsec-tools package that fixes two security issues is now available for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2008-0849.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34052", "published": "2008-08-27T00:00:00", "title": "CentOS 3 / 4 / 5 : ipsec-tools (CESA-2008:0849)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0849 and \n# CentOS Errata and Security Advisory 2008:0849 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34052);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n script_xref(name:\"RHSA\", value:\"2008:0849\");\n\n script_name(english:\"CentOS 3 / 4 / 5 : ipsec-tools (CESA-2008:0849)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated ipsec-tools package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 3, 4, and 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon\ndaemon. It was possible for a remote attacker to cause the racoon\ndaemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches that resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015207.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4b11509\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015208.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2890dc0b\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015215.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef83d500\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015216.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?564c72e3\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015222.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2689bae7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-August/015224.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11be8708\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"ipsec-tools-0.2.5-0.7.rhel3.5\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ipsec-tools-0.3.3-7.c4\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"ipsec-tools-0.6.5-9.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:07", "bulletinFamily": "scanner", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652)", "modified": "2016-12-21T00:00:00", "id": "SUSE_11_0_NOVELL-IPSEC-TOOLS-081220.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40080", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-389)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update novell-ipsec-tools-389.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40080);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:50 $\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-389)\");\n script_summary(english:\"Check for the novell-ipsec-tools-389 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=434748\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected novell-ipsec-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"novell-ipsec-tools-0.6.3-183.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"novell-ipsec-tools-devel-0.6.3-183.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"novell-ipsec-tools / novell-ipsec-tools-devel\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:18", "bulletinFamily": "scanner", "description": "Remote attackers could exploit memory leaks in the 'racoon' daemon to crash it (CVE-2008-3651, CVE-2008-3652)", "modified": "2016-12-22T00:00:00", "id": "SUSE_IPSEC-TOOLS-5630.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34739", "published": "2008-11-11T00:00:00", "title": "openSUSE 10 Security Update : ipsec-tools (ipsec-tools-5630)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ipsec-tools-5630.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34739);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:32:46 $\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n\n script_name(english:\"openSUSE 10 Security Update : ipsec-tools (ipsec-tools-5630)\");\n script_summary(english:\"Check for the ipsec-tools-5630 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remote attackers could exploit memory leaks in the 'racoon' daemon to\ncrash it (CVE-2008-3651, CVE-2008-3652)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"ipsec-tools-0.6.5-42\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"ipsec-tools-0.6.5-104.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:28", "bulletinFamily": "scanner", "description": "SecurityFocus reports :\n\nIPsec-Tools is affected by multiple remote denial-of-service vulnerabilities because the software fails to properly handle certain network packets.\n\nA successful attack allows a remote attacker to crash the software, denying further service to legitimate users.", "modified": "2018-11-23T00:00:00", "id": "FREEBSD_PKG_ABCACB5AE7F111DDAFCD00E0815B8DA8.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35442", "published": "2009-01-22T00:00:00", "title": "FreeBSD : ipset-tools -- Denial of Service Vulnerabilities (abcacb5a-e7f1-11dd-afcd-00e0815b8da8)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35442);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/23 12:49:57\");\n\n script_cve_id(\"CVE-2008-3651\", \"CVE-2008-3652\");\n script_bugtraq_id(30657);\n\n script_name(english:\"FreeBSD : ipset-tools -- Denial of Service Vulnerabilities (abcacb5a-e7f1-11dd-afcd-00e0815b8da8)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SecurityFocus reports :\n\nIPsec-Tools is affected by multiple remote denial-of-service\nvulnerabilities because the software fails to properly handle certain\nnetwork packets.\n\nA successful attack allows a remote attacker to crash the software,\ndenying further service to legitimate users.\"\n );\n # http://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=ipsec-tools-devel&m=121688914101709&w=2\"\n );\n # https://vuxml.freebsd.org/freebsd/abcacb5a-e7f1-11dd-afcd-00e0815b8da8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f960ce3e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/01/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ipsec-tools<0.7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:16", "bulletinFamily": "unix", "description": "[0.6.5-9.3]\n- fix for DoS through various memory leaks (CVE-2008-3651 #456660,\n CVE-2008-3652 #458846)", "modified": "2008-08-26T00:00:00", "published": "2008-08-26T00:00:00", "id": "ELSA-2008-0849", "href": "http://linux.oracle.com/errata/ELSA-2008-0849.html", "title": "ipsec-tools security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:27", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2008:181\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : ipsec-tools\r\n Date : August 28, 2008\r\n Affected: 2007.1, 2008.0, 2008.1, Corporate 4.0,\r\n Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Two denial of service vulnerabilities were discovered in the\r\n ipsec-tools racoon daemon, which could allow a remote attacker to cause\r\n it to consume all available memory &#40;CVE-2008-3651, CVE-2008-3652&#41;.\r\n \r\n The updated packages have been patched to prevent these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2007.1:\r\n e3a12410fab45488a49034076c096a12 2007.1/i586/ipsec-tools-0.6.6-2.2mdv2007.1.i586.rpm\r\n eeb78f3ca87a91c05c69f39c13119899 2007.1/i586/libipsec0-0.6.6-2.2mdv2007.1.i586.rpm\r\n e2014baecdcc1243e1711bb3bc4330bf 2007.1/i586/libipsec0-devel-0.6.6-2.2mdv2007.1.i586.rpm \r\n 255d8527872be4d72bbbac8be7866683 2007.1/SRPMS/ipsec-tools-0.6.6-2.2mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2007.1/X86_64:\r\n cab88fba0361f7ad10d92fe4a0bcf5cf 2007.1/x86_64/ipsec-tools-0.6.6-2.2mdv2007.1.x86_64.rpm\r\n ce73d466b05959f8432546fcc2154bdd 2007.1/x86_64/lib64ipsec0-0.6.6-2.2mdv2007.1.x86_64.rpm\r\n 7a29d409c432f251e58829479bb30c44 2007.1/x86_64/lib64ipsec0-devel-0.6.6-2.2mdv2007.1.x86_64.rpm \r\n 255d8527872be4d72bbbac8be7866683 2007.1/SRPMS/ipsec-tools-0.6.6-2.2mdv2007.1.src.rpm\r\n\r\n Mandriva Linux 2008.0:\r\n f969998276a204a0f102183746004665 2008.0/i586/ipsec-tools-0.6.7-1.1mdv2008.0.i586.rpm\r\n 7c16efad4b9bce8cf1ba6f3457cc58f6 2008.0/i586/libipsec0-0.6.7-1.1mdv2008.0.i586.rpm\r\n 23da7349d57158b08d2673d57d53fc50 2008.0/i586/libipsec0-devel-0.6.7-1.1mdv2008.0.i586.rpm \r\n ef1478d445cbf1b5f80f776ec7d7752c 2008.0/SRPMS/ipsec-tools-0.6.7-1.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n cbeb6df9cbf7c62d235d6408ad25b1a9 2008.0/x86_64/ipsec-tools-0.6.7-1.1mdv2008.0.x86_64.rpm\r\n b04fcb7ccbd32e801d41c4d83a7a57d9 2008.0/x86_64/lib64ipsec0-0.6.7-1.1mdv2008.0.x86_64.rpm\r\n 6f813c88f3990506069e459957bc43d7 2008.0/x86_64/lib64ipsec0-devel-0.6.7-1.1mdv2008.0.x86_64.rpm \r\n ef1478d445cbf1b5f80f776ec7d7752c 2008.0/SRPMS/ipsec-tools-0.6.7-1.1mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n 3be558f00238da24b450c34534914845 2008.1/i586/ipsec-tools-0.7-1.1mdv2008.1.i586.rpm\r\n 582922de31e7c3549337c68ccd948a94 2008.1/i586/libipsec0-0.7-1.1mdv2008.1.i586.rpm\r\n 55aa0129f04bfa0b3fd79eeb40e0e76f 2008.1/i586/libipsec-devel-0.7-1.1mdv2008.1.i586.rpm \r\n 36a949ae25bcdc895ba024450f910d9a 2008.1/SRPMS/ipsec-tools-0.7-1.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n ca6754c65ae12d91cc9eba32009ea6a9 2008.1/x86_64/ipsec-tools-0.7-1.1mdv2008.1.x86_64.rpm\r\n e74682fd89ee6649d41e03c5135faebe 2008.1/x86_64/lib64ipsec0-0.7-1.1mdv2008.1.x86_64.rpm\r\n 55d777ad6fe96f53fa6ca436b5921580 2008.1/x86_64/lib64ipsec-devel-0.7-1.1mdv2008.1.x86_64.rpm \r\n 36a949ae25bcdc895ba024450f910d9a 2008.1/SRPMS/ipsec-tools-0.7-1.1mdv2008.1.src.rpm\r\n\r\n Corporate 4.0:\r\n c5146f5b46e8386687a1b37fe0dc29f9 corporate/4.0/i586/ipsec-tools-0.6.5-2.2.20060mlcs4.i586.rpm\r\n 9c25c57f06839afbf55dd31547000721 corporate/4.0/i586/libipsec0-0.6.5-2.2.20060mlcs4.i586.rpm\r\n a565fab7f9c3ef0d48ced13bd9c84500 corporate/4.0/i586/libipsec0-devel-0.6.5-2.2.20060mlcs4.i586.rpm \r\n 87221b03544e9e9cb10491e8504813b0 corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.2.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n a1ee7dd60a3ea3471b5de7a8ab875735 corporate/4.0/x86_64/ipsec-tools-0.6.5-2.2.20060mlcs4.x86_64.rpm\r\n 93ac29406969dfbcccd77858c3edb553 corporate/4.0/x86_64/lib64ipsec0-0.6.5-2.2.20060mlcs4.x86_64.rpm\r\n 268e50439113279ce14068f54d0895a8 corporate/4.0/x86_64/lib64ipsec0-devel-0.6.5-2.2.20060mlcs4.x86_64.rpm \r\n 87221b03544e9e9cb10491e8504813b0 corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.2.20060mlcs4.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 656584e7399fcf363ea0462e51df9baa mnf/2.0/i586/ipsec-tools-0.2.5-0.6.M20mdk.i586.rpm\r\n c4ffd9b8ed40fd575eac7828af27ef63 mnf/2.0/i586/libipsec-tools0-0.2.5-0.6.M20mdk.i586.rpm \r\n eb56a9bdcfbddbf8b4ff37fcb9bd9b45 mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.6.M20mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFIt1fpmqjQ0CJFipgRAnLxAKCwcBv4uUfBqHf3c3GFk93ZUU6iJACaAh1W\r\nfljCV5e/DYk2CYPPH73/pD4=\r\n=Akis\r\n-----END PGP SIGNATURE-----", "modified": "2008-09-01T00:00:00", "published": "2008-09-01T00:00:00", "id": "SECURITYVULNS:DOC:20428", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20428", "title": "bugtraq@securityfocus.com", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "description": "DoS attack with memory exhaustion.", "modified": "2008-09-01T00:00:00", "published": "2008-09-01T00:00:00", "id": "SECURITYVULNS:VULN:9251", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9251", "title": "ipsec-tools / racoon IPSec DoS", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "description": "Few dozens of fixes for different system components and Safari.", "modified": "2009-05-29T00:00:00", "published": "2009-05-29T00:00:00", "id": "SECURITYVULNS:VULN:9907", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9907", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7\r\n\r\n * Last Modified: May 12, 2009\r\n * Article: HT3549\r\n\r\nSummary\r\n\r\nThis document describes the security content of Security Update 2009-002 / Mac OS X v10.5.7, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see &quot;How to use the Apple Product Security PGP Key.&quot;\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see &quot;Apple Security Updates.&quot;\r\nProducts Affected\r\n\r\nProduct Security, Mac OS X 10.5\r\nSecurity Update 2009-002 / Mac OS X v10.5.7\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache&#39;s handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by applying the Apache patch for version 2.0.63. Further information is available via the Apache web site at http://httpd.apache.org/ Apache 2.0.x is only shipped with Mac OS X Server v10.4.x systems. Mac OS X v10.5.x and Mac OS X Server v10.5.x ship with Apache 2.2.x.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-2939\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website via a proxy may result in cross-site scripting\r\n\r\n Description: An input validation issue exists in Apache 2.2.9&#39;s handling of FTP proxy requests containing wildcard characters. Visiting a malicious website via an Apache proxy may result in a cross-site scripting attack. This update addresses the issue by updating Apache to version 2.2.11. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2008-0456\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Web sites that allow users to control the name of a served file may be vulnerable to HTTP response injection\r\n\r\n Description: A request forgery issue exists in Apache. Apache does not escape filenames when negotiating the correct content type to send to a remote browser. A user who can publish files with specially crafted names to a web site can substitute their own response for any web page hosted on the system. This update addresses the issue by escaping filenames in content negotiation responses.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2009-0154\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Apple Type Services&#39; handling of Compact Font Format &#40;CFF&#41; fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators working with TippingPoint&#39;s Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n BIND\r\n\r\n CVE-ID: CVE-2009-0025\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: BIND is susceptible to a spoofing attack if configured to use DNSSEC\r\n\r\n Description: BIND incorrectly checks the return value of the OpenSSL DSA_do_verify function. On systems using the DNS Security Extensions &#40;DNSSEC&#41; protocol, a maliciously crafted DSA certificate could bypass the validation, which may lead to a spoofing attack. By default, DNSSEC is not enabled. This update addresses the issue by updating BIND to version 9.3.6-P1 on Mac OS X v10.4, and version 9.4.3-P1 for Mac OS X v10.5 systems. Further information is available via the ISC web site at https://www.isc.org/\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0144\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Applications that use CFNetwork may send secure cookies in unencrypted HTTP requests\r\n\r\n Description: An implementation issue exists in CFNetwork&#39;s parsing of Set-Cookie headers, which may result in certain cookies being unexpectedly sent over a non-encrypted connection. This issue affects non-RFC compliant Set-Cookie headers that are accepted for compatibility reasons. This may result in applications that use CFNetwork, such as Safari, sending sensitive information in unencrypted HTTP requests. This update addresses the issue through improved parsing of Set-Cookie headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Andrew Mortensen of the University of Michigan for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2009-0157\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of overly long HTTP headers in CFNetwork. Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of HTTP headers. This issue does not affect systems prior to Mac OS X v10.5. Credit to Moritz Jodeit of n.runs AG for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0145\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in CoreGraphics&#39; handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds and error checking.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0155\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in CoreGraphics&#39; handling of PDF files may result in a heap buffer overflow. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Barry K. Nathan for reporting this issue.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple heap buffer overflows exist in CoreGraphics&#39; handling of PDF files containing JBIG2 streams. Viewing or downloading a PDF file containing a maliciously crafted JBIG2 stream may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Apple, Alin Rad Pop of Secunia Research, and Will Dormann of CERT/CC for reporting this issue.\r\n\r\n *\r\n\r\n Cscope\r\n\r\n CVE-ID: CVE-2009-0148\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted source file with Cscope may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Cscope&#39;s handling of long file system path names. Using Cscope to process a maliciously crafted source file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2009-0164\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted web site may lead to unauthorized access of the Web Interface of CUPS\r\n\r\n Description: Under certain circumstances, the Web Interface of CUPS 1.3.9 and earlier may be accessible to attackers through DNS rebinding attacks. In the default configuration, this may allow a maliciously crafted website to start and stop printers, and access information about printers and jobs. This update addresses the issue by performing additional validation of the Host header. Credit: Apple.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0150\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Tiller Beauchamp of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2009-0149\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Mounting a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the handling of disk images. Mounting a maliciously crafted sparse disk image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n enscript\r\n\r\n CVE-ID: CVE-2004-1184, CVE-2004-1185, CVE-2004-1186, CVE-2008-3863\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in enscript\r\n\r\n Description: enscript is updated to version 1.6.4 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the gnu web site at http://www.gnu.org/software/enscript/\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2009-0519, CVE-2009-0520, CVE-2009-0114\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in on Mac OS v10.5.x systems to version 10.0.22.87, and to version 9.0.159.0 on Mac OS X v10.4.11 systems. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-01.html\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0942\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted &quot;help:&quot; URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer loads Cascading Style Sheets referenced in URL parameters without validating that the referenced style sheets are located within a registered help book. A malicious &quot;help:&quot; URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of file system paths when loading stylesheets. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n Help Viewer\r\n\r\n CVE-ID: CVE-2009-0943\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted &quot;help:&quot; URL may lead to arbitrary code execution\r\n\r\n Description: Help Viewer does not validate that full paths to HTML documents are within registered help books. A malicious &quot;help:&quot; URL may be used to invoke arbitrary AppleScript files, which may lead to arbitrary code execution. This update addresses the issue through improved validation of &quot;help:&quot; URLs. Credit to Brian Mastenbrook for reporting this issue.\r\n\r\n *\r\n\r\n iChat\r\n\r\n CVE-ID: CVE-2009-0152\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: iChat AIM communications configured for SSL may downgrade to plaintext\r\n\r\n Description: iChat supports Secure Sockets Layer &#40;SSL&#41; for AOL Instant Messenger and Jabber accounts. iChat automatically disables SSL for AOL Instant Messenger accounts when it is unable to connect, and sends subsequent communications in plain text until SSL is manually re-enabled. A remote attacker with the ability to observe network traffic from an affected system may obtain the contents of AOL Instant Messenger conversations. This update addresses the issue by changing the behavior of iChat to always attempt to use SSL, and to use less secure channels only if the &quot;Require SSL&quot; preference is not enabled. This issue does not affect systems prior to Mac OS X v10.5, as they do not support SSL for iChat accounts.\r\n\r\n *\r\n\r\n International Components for Unicode\r\n\r\n CVE-ID: CVE-2009-0153\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Maliciously crafted content may bypass website filters and result in cross-site scripting\r\n\r\n Description: An implementation issue exists in ICU&#39;s handling of certain character encodings. Using ICU to convert invalid byte sequences to Unicode may result in over-consumption, where trailing bytes are considered part of the original character. This may be leveraged by an attacker to bypass filters on websites that attempt to mitigate cross-site scripting. This update addresses the issue through improved handling of invalid byte sequences. This issue does not affect systems prior to Mac OS X v10.5. Credit to Chris Weber of Casaba Security for reporting this issue.\r\n\r\n *\r\n\r\n IPSec\r\n\r\n CVE-ID: CVE-2008-3651, CVE-2008-3652\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in the racoon daemon may lead to a denial of service\r\n\r\n Description: Multiple memory leaks exist in the racoon daemon in ipsec-tools before 0.7.1, which may lead to a denial of service. This update addresses the issues through improved memory management.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0845\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: A null pointer dereference issue exists in the Kerberos SPNEGO support. Processing a maliciously crafted authentication packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue by adding a check for a null pointer. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0846, CVE-2009-0847\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in Kerberos&#39; handling of ASN.1 encoded messages. Processing a maliciously crafted ASN.1 encoded message may lead to a denial of service of a Kerberos-enabled program or arbitrary code execution. Further information on the issues and the patches applied is available via the MIT Kerberos website at http://web.mit.edu/Kerberos/\r\n\r\n *\r\n\r\n Kerberos\r\n\r\n CVE-ID: CVE-2009-0844\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program\r\n\r\n Description: An out-of-bounds memory access exists in Kerberos. Processing a maliciously crafted Kerberos data packet may lead to a denial of service of a Kerberos-enabled program. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2008-1517\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A local user may obtain system privileges\r\n\r\n Description: An unchecked index issue exists in the kernel&#39;s handling of workqueues, which may lead to an unexpected system shutdown or arbitrary code execution with Kernel privileges. This update addresses the issue through improved index checking. Credit to an anonymous researcher working with Verisign iDefense VCP for reporting this issue.\r\n\r\n *\r\n\r\n Launch Services\r\n\r\n CVE-ID: CVE-2009-0156\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Mach-O executable may cause Finder to repeatedly terminate and relaunch\r\n\r\n Description: An out-of-bounds memory read access exists in Launch Services. Downloading a maliciously crafted Mach-O executable may cause the Finder to repeatedly terminate and relaunch. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n libxml\r\n\r\n CVE-ID: CVE-2008-3529\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in libxml&#39;s handling of long entity names. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.\r\n\r\n *\r\n\r\n Net-SNMP\r\n\r\n CVE-ID: CVE-2008-4309\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote attacker may terminate the operation of the SNMP service\r\n\r\n Description: An integer overflow exists in the netsnmp_create_subtree_cache function. By sending a maliciously crafted SNMPv3 packet, an attacker may cause the SNMP server to terminate, denying service to legitimate clients. This update addresses the issue by applying the Net-SNMP patches on Mac OS X v10.4.11 systems, and by updating net_snmp to version 5.4.2.1 on Mac OS X v10.5.x systems. The SNMP service is not enabled by default on Mac OS X or Mac OS X Server.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0021\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Network Time is susceptible to a spoofing attack if NTP authentication is enabled\r\n\r\n Description: The ntpd daemon incorrectly checks the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this may allow a maliciously crafted signature to bypass the cryptographic signature validation, which may lead to a time spoofing attack. By default, NTP authentication is not enabled. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n Network Time\r\n\r\n CVE-ID: CVE-2009-0159\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Using the ntpq command to request peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in the ntpq program. When the ntpq program is used to request peer information from a remote time server, a maliciously crafted response may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2008-3530\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A remote user may be able to cause an unexpected system shutdown\r\n\r\n Description: When IPv6 support is enabled, IPv6 nodes use ICMPv6 to report errors encountered while processing packets. An implementation issue in the handling of incoming ICMPv6 &quot;Packet Too Big&quot; messages may cause an unexpected system shutdown. This update addresses the issue through improved handling of ICMPv6 messages.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2008-5077\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification\r\n\r\n Description: Several functions within the OpenSSL library incorrectly check the result value of the EVP_VerifyFinal function. A man-in-the-middle attacker may be able to impersonate a trusted server or user in applications using OpenSSL for SSL certificate verification for DSA and ECDSA keys. This update addresses the issue by properly checking the return value of the EVP_VerifyFinal function.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2008-3659, CVE-2008-2829, CVE-2008-3660, CVE-2008-2666, CVE-2008-2371, CVE-2008-2665, CVE-2008-3658, CVE-2008-5557\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.6\r\n\r\n Description: PHP is updated to version 5.2.8 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0160\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickDraw&#39;s handling of PICT images. Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit: Apple.\r\n * QuickDraw Manager\r\n\r\n CVE-ID: CVE-2009-0010\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer underflow in the handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Damian Put and Sebastian Apelt working with TippingPoint&#39;s Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in Ruby 1.8.6\r\n\r\n Description: Multiple vulnerabilities exist in Ruby 1.8.6. This update addresses the issues by updating Ruby to version 1.8.6-p287. Further information is available via the Ruby web site at http://www.ruby-lang.org/en/security/\r\n\r\n *\r\n\r\n ruby\r\n\r\n CVE-ID: CVE-2009-0161\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Ruby programs may accept revoked certificates\r\n\r\n Description: An incomplete error check exists in Ruby&#39;s use of the OpenSSL library. The OpenSSL::OCSP Ruby module may interpret an invalid response as an OCSP validation of the certificate. This update addresses the issue through improved error checking while verifying OCSP responses.\r\n\r\n *\r\n\r\n Safari\r\n\r\n CVE-ID: CVE-2009-0162\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Accessing a maliciously crafted &quot;feed:&quot; URL may lead to arbitrary code execution\r\n\r\n Description: Multiple input validation issues exist in Safari&#39;s handling of &quot;feed:&quot; URLs. Accessing a maliciously crafted &quot;feed:&quot; URL may lead to the execution of arbitrary JavaScript. This update addresses the issues by performing additional validation of &quot;feed:&quot; URLs. These issues do not affect systems prior to Mac OS X v10.5. Credit to Billy Rios of Microsoft Vulnerability Research &#40;MSVR&#41;, and Alfredo Melloni for reporting these issues.\r\n\r\n *\r\n\r\n Spotlight\r\n\r\n CVE-ID: CVE-2009-0944\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in the Mac OS X Microsoft Office Spotlight Importer. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Microsoft Office files.\r\n\r\n *\r\n\r\n system_cmds\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: The &quot;login&quot; command always runs the default shell with normal priority\r\n\r\n Description: The &quot;login&quot; command starts an interactive shell after a local user is authenticated. The priority level for the interactive shell is reset to the system default, which can cause the shell to run with an unexpectedly high priority. This update addresses the issue by respecting the priority setting of the calling process if the caller is the superuser or the user who was successfully logged in.\r\n\r\n *\r\n\r\n telnet\r\n\r\n CVE-ID: CVE-2009-0158\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in telnet command. Connecting to a TELNET server with a very long canonical name in its DNS address record may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n WebKit\r\n\r\n CVE-ID: CVE-2009-0945\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Visiting a maliciously crafted website may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in WebKit&#39;s handling of SVGList objects. Visiting a maliciously crafted website may lead to arbitrary code execution. This update addresses the issue through improved bounds checking. For Mac OS X v10.4.11 and Mac OS X Server v10.4.11, updating to Safari 3.2.3 will address this issue. Credit to Nils working with TippingPoint&#39;s Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2006-0747, CVE-2007-2754\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.1.4\r\n\r\n Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by updating FreeType to version 2.3.8. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-2383\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Displaying maliciously crafted data within an xterm terminal may lead to arbitrary code execution\r\n\r\n Description: The xterm program supports a command sequence known as DECRQSS that can be used to return information about the current terminal. The information returned is sent as terminal input similar to keyboard input by a user. Within an xterm terminal, displaying maliciously crafted data containing such sequences may result in command injection. This update addresses the issue by performing additional validation of the output data. This issue does not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2008-1382, CVE-2009-0040\r\n\r\n Available for: Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.26\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.26, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating libpng to version 1.2.35. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html These issues do not affect systems prior to Mac OS X v10.5.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946\r\n\r\n Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5 through v10.5.6, Mac OS X Server v10.5 through v10.5.6\r\n\r\n Impact: Multiple vulnerabilities in FreeType v2.3.8\r\n\r\n Description: Multiple integer overflows exist in FreeType v2.3.8, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issues through improved bounds checking. Credit to Tavis Ormandy of the Google Security Team for reporting these issues.\r\n", "modified": "2009-05-14T00:00:00", "published": "2009-05-14T00:00:00", "id": "SECURITYVULNS:DOC:21825", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21825", "title": "About the security content of Security Update 2009-002 / Mac OS X v10.5.7", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-05-29T14:33:35", "bulletinFamily": "unix", "description": "The ipsec-tools package is used in conjunction with the IPsec functionality\nin the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon daemon. It\nwas possible for a remote attacker to cause the racoon daemon to consume\nall available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains\nbackported patches that resolve these issues.", "modified": "2017-09-08T11:48:26", "published": "2008-08-26T04:00:00", "id": "RHSA-2008:0849", "href": "https://access.redhat.com/errata/RHSA-2008:0849", "type": "redhat", "title": "(RHSA-2008:0849) Important: ipsec-tools security update", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:35", "bulletinFamily": "unix", "description": "It was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets. If a remote attacker sent repeated malicious requests, the \u201cracoon\u201d key exchange server could allocate large amounts of memory, possibly leading to a denial of service.", "modified": "2008-09-08T00:00:00", "published": "2008-09-08T00:00:00", "id": "USN-641-1", "href": "https://usn.ubuntu.com/641-1/", "title": "Racoon vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:33:34", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0849\n\n\nThe ipsec-tools package is used in conjunction with the IPsec functionality\nin the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nTwo denial of service flaws were found in the ipsec-tools racoon daemon. It\nwas possible for a remote attacker to cause the racoon daemon to consume\nall available memory. (CVE-2008-3651, CVE-2008-3652)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015207.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015208.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015215.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015216.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015222.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015224.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015226.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-August/015228.html\n\n**Affected packages:**\nipsec-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0849.html", "modified": "2008-08-30T15:18:25", "published": "2008-08-26T22:54:10", "href": "http://lists.centos.org/pipermail/centos-announce/2008-August/015207.html", "id": "CESA-2008:0849", "title": "ipsec security update", "type": "centos", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "description": "### Background\n\nIPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. \n\n### Description\n\nTwo Denial of Service vulnerabilities have been reported in racoon: \n\n * The vendor reported a memory leak in racoon/proposal.c that can be triggered via invalid proposals (CVE-2008-3651). \n * Krzysztof Piotr Oledzk reported that src/racoon/handler.c does not remove an \"orphaned ph1\" (phase 1) handle when it has been initiated remotely (CVE-2008-3652). \n\n### Impact\n\nAn attacker could exploit these vulnerabilities to cause a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll IPsec-Tools users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-firewall/ipsec-tools-0.7.1\"", "modified": "2008-12-02T00:00:00", "published": "2008-12-02T00:00:00", "id": "GLSA-200812-03", "href": "https://security.gentoo.org/glsa/200812-03", "type": "gentoo", "title": "IPsec-Tools: racoon Denial of Service", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:19:51", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 30657\r\nCVE(CAN) ID: CVE-2008-3651,CVE-2008-3652\r\n\r\nIPsec-Tools\u662fKAME\u7684IPsec\u5de5\u5177\u5230Linux\u5e73\u53f0\u4e0a\u7684\u79fb\u690d\u3002\r\n\r\nipsec-tools\u7684racoon\u5b88\u62a4\u8fdb\u7a0b\u7684src/racoon/handler.c\u6587\u4ef6\u6ca1\u6709\u5220\u9664\u8fdc\u7a0b\u521d\u59cb\u5316\u7684\u5b64\u513fph1\u53e5\u67c4\uff0cracoon/proposal.c\u6587\u4ef6\u4e2d\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u3002\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u53d1\u9001\u4e86\u65e0\u6548\u8bf7\u6c42\u62a5\u6587\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u5bfc\u81f4\u8017\u5c3d\u6240\u6709\u53ef\u7528\u5185\u5b58\u3002\n\nIPsec-Tools &lt; 0.7.1\n RedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08RHSA-2008:0849-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2008:0849-01\uff1aImportant: ipsec-tools security update\r\n\u94fe\u63a5\uff1a<a href=https://www.redhat.com/support/errata/RHSA-2008-0849.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0849.html</a>\r\n\r\nGentoo\r\n------\r\nGentoo\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08GLSA-200812-03\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nGLSA-200812-03\uff1aIPsec-Tools: racoon Denial of Service\r\n\u94fe\u63a5\uff1a<a href=http://security.gentoo.org/glsa/glsa-200812-03.xml target=_blank>http://security.gentoo.org/glsa/glsa-200812-03.xml</a>\r\n\r\n\u6240\u6709IPsec-Tools\u7528\u6237\u90fd\u5e94\u5347\u7ea7\u5230\u6700\u65b0\u7248\u672c\uff1a\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot -v &quot;&gt;=net-firewall/ipsec-tools-0.7.1&quot;", "modified": "2008-12-05T00:00:00", "published": "2008-12-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4522", "id": "SSV:4522", "title": "IPsec-Tools\u591a\u4e2a\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": ""}]}