Thread: ipsec-tools vulnerability (fwd)

ipsec-tools vulnerability (fwd)
2007-04-10 13:20:38
FYI, since some people will be running racoon as well as openswan.

Unfortunately, this announcement does not contain CVE numbers, so I do
not yet know more about this flaw, and whether openswan would be
vulnerable to this as well.

Paul

---------- Forwarded message ----------
Date: Mon, 9 Apr 2007 14:49:54 -0700
From: Kees Cook <keesubuntu.com>
Cc: bugtraqsecurityfocus.com, full-disclosurelists.grok.org.uk
To: ubuntu-security-announcelists.ubuntu.com
Subject: [USN-450-1] ipsec-tools vulnerability

===========================================================
Ubuntu Security Notice USN-450-1             April 09, 2007
ipsec-tools vulnerability
CVE-2007-1841
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
   racoon                                  1:0.6-1ubuntu1.2

Ubuntu 6.06 LTS:
   racoon                                  1:0.6.5-4ubuntu1.1

Ubuntu 6.10:
   racoon                                  1:0.6.6-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in the IPSec key exchange server "racoon".  Remote
attackers could send a specially crafted packet and disrupt established
IPSec tunnels, leading to a denial of service.


_______________________________________________
Usersopenswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

Re: ipsec-tools vulnerability (fwd)
2007-04-10 13:26:45
On Tue, 10 Apr 2007, Paul Wouters wrote:

> FYI, since some people will be running racoon as well as openswan.
>
> Unfortunately, this announcement does not contain CVE numbers, so I do
> not yet know more about this flaw, and whether openswan would be
> vulnerable to this as well.

Actually, it does but not very clearly:

> CVE-2007-1841

But it hasn't shown up at mitre yet:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1841

Paul

Re: ipsec-tools vulnerability (fwd)
2007-04-11 05:38:31
Paul Wouters wrote:

> FYI, since some people will be running racoon as well as openswan.
>
> Unfortunately, this announcement does not contain CVE numbers, so I do
> not yet know more about this flaw, and whether openswan would be
> vulnerable to this as well.

The advisory does not say who informed the Ubuntu team about this
flaw. It doesn't look like an Ubuntu-only flaw. Mac OS X appears to
be vulnerable as well, for one.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

