Lucene search
SecurityvulnsSECURITYVULNS:DOC:10435HistoryNov 28, 2005 - 12:00 a.m.
[Full-disclosure] SCOSA-2005.52 OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability
2005-11-2800:00:00
vulners.com
9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SCO Security Advisory
Subject: OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability
Advisory number: SCOSA-2005.52
Issue date: 2005 November 28
Cross reference: sr895064 erg712954 fz533033
CVE-2005-0398
-
Problem Description
Racoon is an IKEv1 keying daemon, a common IPSec Utility. Due to a bug in the way the Racoon parsed incoming ISAKMP packets, an attacker could possibly crash the racoon daemon by sending a specially crafted ISAKMP packet. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0398 to this issue. -
Vulnerable Supported Versions
System Binaries ---------------------------------------------------------------------- OpenServer 6.0.0 /usr/sbin/racoon -
Solution
The proper solution is to install the latest packages. -
OpenServer 6.0.0
4.1 Location of Fixed Binaries ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.52 4.2 Verification MD5 (VOL.000.000) = 6233d4a9b0aa683814f9d8041cf184fb md5 is available for download from ftp://ftp.sco.com/pub/security/tools 4.3 Installing Fixed Binaries Upgrade the affected binaries with the following sequence: 1) Download the VOL* files to a directory. 2) Run the custom command, specify an install from media images, and specify the directory as the location of the images. -
References
Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0398 SCO security resources: http://www.sco.com/support/security/index.html SCO security advisories via email http://www.sco.com/support/forums/security.html This security fix closes SCO incidents sr895064 erg712954 fz533033. -
Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products. -
Acknowledgments
SCO would like to thank Sebastian Krahmer for reporting this vulnerability.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)
iD8DBQFDizxVaqoBO7ipriERAlYMAKCr1GJr7hko5L5SeIQ9lZO302MdyQCeJwc7
MNW1g27sTAq/c0OozetgAd0=
=Ugv/
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Related
redhat
redhat
(RHSA-2005:232) ipsec-tools security update
2005-03-23 00:00:00
nessus
nessus
ipsec-tools KAME racoon Daemon ISAKMP Header Parsing Remote DoS
2005-03-30 00:00:00
Fedora Core 3 : ipsec-tools-0.5-2.fc3 (2005-217)
2005-09-12 00:00:00
SUSE-SA:2005:020: ipsec-tools
2005-04-01 00:00:00
freebsd
freebsd
racoon -- remote denial-of-service
2005-03-12 00:00:00
suse
suse
remote denial of service in ipsec-tools
2005-03-31 15:30:57
ubuntu
ubuntu
racoon vulnerability
2005-04-06 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200503-33 (IPsec-Tools)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200503-33 (IPsec-Tools)
2008-09-24 00:00:00
FreeBSD Ports: racoon
2008-09-04 00:00:00
gentoo
gentoo
IPsec-Tools: racoon Denial of service
2005-03-25 00:00:00
cve
cve
CVE-2005-0398
2005-03-14 05:00:00
debiancve
debiancve
CVE-2005-0398
2005-03-14 05:00:00
ubuntucve
ubuntucve
CVE-2005-0398
2005-03-14 00:00:00
Related for SECURITYVULNS:DOC:10435