oss-sec mailing list archives

CVE Request (ipsec-tools again)

From: Josh Bressers <bressers () redhat com>
Date: Tue, 12 Aug 2008 13:30:02 -0400

Hi Steve,

So while investigating the ipsec-tools flaw I mailed you about yesterday, I
was told of this:
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel

It's essentially a pre-auth racoon DoS.

You can find the patch from their CVS here:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c.diff?r1=1.20.6.11&r2=1.20.6.12&f=h

Thanks.

-- 
    JB

Current thread:

CVE Request (ipsec-tools again) Josh Bressers (Aug 12)
- Re: CVE Request (ipsec-tools again) Steven M. Christey (Aug 12)