Ubuntu 4.10 / 5.04 / 5.10 : ipsec-tools vulnerability (USN-221-1)
The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer...
Ubuntu 4.10 : ipsec-tools vulnerability (USN-107-1)
Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash. This update does not introduce any source code changes affecting the ipsec-tools packag...
Ubuntu 4.10 / 5.04 : linux-source-2.6.8.1, linux-source-2.6.10 vulnerabilities (USN-169-1)
David Howells discovered a local Denial of Service vulnerability in the key session joining function. Under certain user-triggerable conditions, a semaphore was not released properly, which caused processes which also attempted to join a key session to hang forever. This only affects Ubuntu 5.04...
SUSE-SA:2005:070: ipsec-tools,freeswan,openswan
The remote host is missing the patch for the advisory SUSE-SA:2005:070 ipsec-tools,freeswan,openswan. Openswan, Freeswan and racoon (ipsec-tools) have been updated to fix crashes in aggressive mode. An attacker might send specially crafted packets that can crash racoon or Pluto. The ipsec-tools /...
CVE-2005-4570
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0, and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of...
CVE-2005-4570
The CVE-2005-4570 entry concerns IKEv1 implementations in Fortinet FortiOS (versions 2.50, 2.80, 3.0), FortiClient 2.0, and FortiManager 2.80/3.0, where remote attackers can trigger a denial of service by sending IKE/ISAKMP packets with invalid IPSec attribute values. The issue is tied to process...
CVE-2005-4321
CVE-2005-4321 aggregates multiple IKEv1 vulnerabilities affecting various implementations of IPsec/IKE tooling (notably ipsec-tools racoon and related products) that were demonstrated via the PROTOS ISAKMP test suite and could lead to a denial of service. Connected advisories describe multiple CV...
CVE-2005-4321
The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the...
GLSA-200512-04 : Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
The remote host is affected by the vulnerability described in GLSA-200512-04 (Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation). The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon included in the...
Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
Background: Openswan is an implementation of IPsec for Linux. IPsec-Tools is a port of KAME's implementation of the IPsec utilities, including racoon, an Internet Key Exchange daemon. Internet Key Exchange version 1 (IKEv1), a derivative of ISAKMP, is an important part of IPsec. IPsec is widely used t...
Multiple OSs, routers and firewalls IPSec ISAKMP IKE DoS
Multiple vulnerabilities detected with PROTOS IPSec security scanner...
CVE-2005-4090
Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact...
CVE-2005-4090
Technical details about CVE-2005-4090 are not publicly provided in the supplied documents. Monitor for updates as new information becomes available.
[security bulletin] SSRT051037 HP-UX Running IPSec Remote Unauthorized Access
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00574124 Version: 1 HPSBUX02082 SSRT051037 HP-UX Running IPSec Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date:...
Multiple HP-UX vulnerabilities
IP packets DoS, IPSec remote unauthorized access...
[SA17668] IPsec-Tools ISAKMP IKE Message Processing Denial of Service
TITLE: IPsec-Tools ISAKMP IKE Message Processing Denial of Service SECUNIA ADVISORY ID: SA17668 VERIFY ADVISORY: http://secunia.com/advisories/17668/ CRITICAL: Moderately critical IMPACT: DoS WHERE: From remote SOFTWARE: IPsec-Tools 0.x http://secunia.com/product/3352/ DESCRIPTION: A vulnerabilit...
CVE-2005-3753
Linux kernel after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker...
CVE-2005-3753
CVE-2005-3753 affects the Linux kernel in the 2.6.x line, around versions near 2.6.12 up to 2.6.13.1. The issue could allow a denial of service (an Oops) via certain IPSec packets that trigger alignment problems in standard multi-block cipher processors. The description notes it is not clear whet...