5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.187 Low
EPSS
Percentile
96.2%
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to
cause a denial of service (memory consumption) via vectors involving (1)
signature verification during user authentication with X.509 certificates,
related to the eay_check_x509sign function in src/racoon/crypto_openssl.c;
and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to
src/racoon/nattraversal.c.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | ipsec-tools | < 1:0.6.5-4ubuntu1.3 | UNKNOWN |
ubuntu | 8.04 | noarch | ipsec-tools | < 1:0.6.7-1.1ubuntu1.2 | UNKNOWN |
ubuntu | 8.10 | noarch | ipsec-tools | < 1:0.7-2.1ubuntu1.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | ipsec-tools | < 1:0.7-2.1ubuntu1.9.04.1 | UNKNOWN |