2808 matches found
Sun Solaris远程IPv6 IPSec报文拒绝服务漏洞
Sun Solaris是一款商业性质的操作系统。 配置了使用IPv6 ip67p但没有使用IPsec stack ipsec7P的Solaris系统不正确处理恶意报文,远程攻击者可以利用漏洞对系统进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Sun Solaris 10x86 Sun Solaris 10 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102919-1&searchclause=...
Debian DSA-1299-1 : ipsec-tools - missing input sanitising
It was discovered that a specially crafted packet sent to the racoon ipsec key exchange server could cause a tunnel to crash, resulting in a denial of service. The oldstable distribution sarge isn't affected by this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive tex...
[SECURITY] [DSA 1299-1] New ipsec-tools packages fix denial of service
--------------------------------------------------------------------------- Debian Security Advisory DSA 1299-1 [email protected] http://www.debian.org/security/ dann frazier June 7th, 2007 http://www.debian.org/security/faq -...
DSA-1299-1 ipsec-tools
Bulletin has no description...
RHEL 5 : ipsec-tools (RHSA-2007:0342)
Updated ipsec-tools packages that fix a denial of service flaw in racoon are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionali...
ipsec security update
CentOS Errata and Security Advisory CESA-2007:0342 Updated ipsec-tools packages that fix a denial of service flaw in racoon are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools packag...
ipsec-tools racoon DoS
The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service tunnel crash via crafted 1 DELETE ISAKMPNPTYPED and 2 NOTIFY ISAKMPNPTYPEN messages...
Moderate: Red Hat Security Advisory: ipsec-tools security update
Updated ipsec-tools packages that fix a denial of service flaw in racoon are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionali...
GLSA-200705-09 : IPsec-Tools: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200705-09 IPsec-Tools: Denial of Service The isakmpinforecv function in src/racoon/isakmpinf.c does not always check that DELETE ISAKMPNPTYPED and NOTIFY ISAKMPNPTYPEN packets are encrypted. Impact : A remote attacker could send a...
CVE-2007-2524
Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...
CVE-2007-2524
Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...
IPsec-Tools: Denial of service
Background IPsec-Tools is a port of KAME's implementation of the IPsec utilities. It contains a collection of network monitoring tools, including racoon, ping, and ping6. Description The isakmpinforecv function in src/racoon/isakmpinf.c does not always check that DELETE ISAKMPNPTYPED and NOTIFY...
Cisco PIX and ASA authentication bypass vulnerability
Overview The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing and...
Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2007:084)
The ipsec-tools package prior to version 0.6.7 allows remote attackers to cause a Denial of Service tunnel crash via crafted DELTE and NOTIFY messages. Updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Microsoft Windows DNS服务器RPC接口远程栈溢出漏洞
Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows DNS服务器的RPC接口在处理畸形请求时存在栈溢出漏洞,远程攻击者可能利用此漏洞获取服务器的管理权限。 如果远程攻击者能够向有漏洞的系统发送特制的RPC报文的话,就可以触发这个溢出,导致以DNS服务的安全环境执行任意指令(默认为Local SYSTEM)。 Microsoft Windows Server 2003 SP2 Microsoft Windows Server 2003 SP1 Microsoft Windows 2000SP4 临时解决方法:...
[USN-450-1] ipsec-tools vulnerability
=========================================================== Ubuntu Security Notice USN-450-1 April 09, 2007 ipsec-tools vulnerability CVE-2007-1841 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubunt...
Racoon IPSec key exchange DoS
It's possible to disrupts established IPSec tunnels...
CVE-2007-1841
The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service tunnel crash via crafted 1 DELETE ISAKMPNPTYPED and 2 NOTIFY ISAKMPNPTYPEN messages...
CVE-2007-1841
The isakmpinforecv function in src/racoon/isakmpinf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service tunnel crash via crafted 1 DELETE ISAKMPNPTYPED and 2 NOTIFY ISAKMPNPTYPEN messages...
CVE-2007-1841
Removed by vendor...