Family: Fedora Local Security Checks --> Category: infos
Fedora Core 2 2004-132: ipsec-tools Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the ipsec-tools package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory FEDORA-2004-132 (ipsec-tools).
This is the IPsec-Tools package. You need this package in order to
really use the IPsec functionality in the linux-2.5+ kernels. This
- libipsec, a PFKeyV2 library
- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon
An updated ipsec-tools package that fixes vulnerabilities in racoon (the
ISAKMP daemon) is now available.
When ipsec-tools receives an ISAKMP header, it will attempt to allocate
sufficient memory for the entire ISAKMP message according to the header's
length field. If an attacker crafts an ISAKMP header with an extremely large
value in the length field, racoon may exceed operating system resource
limits and be terminated, resulting in a denial of service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0403 to this issue.
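The check this class of bug calls for, as an added example that is not code from racoon or from the advisory: the length field is validated before it is used as an allocation size. The function names, the 65535-byte cap, and the assumption that the whole UDP datagram is already in memory are choices made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define ISAKMP_HDR_LEN 28u     /* fixed ISAKMP header size (RFC 2408) */
#define MAX_ISAKMP_LEN 65535u  /* assumed local cap, not a value from racoon */

/* The length field is the last 4 header bytes (offset 24), big-endian. */
static uint32_t isakmp_declared_len(const uint8_t *hdr)
{
    return ((uint32_t)hdr[24] << 24) | ((uint32_t)hdr[25] << 16) |
           ((uint32_t)hdr[26] << 8) | (uint32_t)hdr[27];
}

/* Copy one message out of a received datagram; NULL means "rejected".
 * out_len must point to valid storage. */
uint8_t *isakmp_copy_checked(const uint8_t *pkt, size_t received, uint32_t *out_len)
{
    uint32_t declared;
    uint8_t *buf;

    if (pkt == NULL || received < ISAKMP_HDR_LEN)
        return NULL;                      /* truncated header */
    declared = isakmp_declared_len(pkt);
    if (declared < ISAKMP_HDR_LEN)
        return NULL;                      /* shorter than its own header */
    if (declared > MAX_ISAKMP_LEN || declared > received)
        return NULL;                      /* over the cap, or more than arrived */
    buf = malloc(declared);               /* size is bounded by the checks above */
    if (buf == NULL)
        return NULL;
    memcpy(buf, pkt, declared);
    *out_len = declared;
    return buf;
}

/* Constructed sample: zeroed 64-byte datagram with a chosen length field.
 * received must not exceed 64. Returns 1 if accepted, 0 if rejected. */
int sample_accepted(uint32_t declared, size_t received)
{
    uint8_t pkt[64] = {0};
    uint32_t len = 0;
    uint8_t *msg;

    pkt[24] = (uint8_t)(declared >> 24); pkt[25] = (uint8_t)(declared >> 16);
    pkt[26] = (uint8_t)(declared >> 8);  pkt[27] = (uint8_t)declared;
    msg = isakmp_copy_checked(pkt, received, &len);
    if (msg == NULL)
        return 0;
    free(msg);
    return len == declared;
}
```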
Solution : http://www.fedoranews.org/updates/FEDORA-2004-132.shtml
Threat Level: High