Security Advisory ipsec-tools security update

Advisory: RHSA-2005:232-10
Type: Security Advisory
Severity: Moderate
Issued on: 2005-03-23
Last updated on: 2005-03-23
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-0398

Details

An updated ipsec-tools package that fixes a bug in parsing of ISAKMP headers
is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel. The ipsec-tools package includes:

- setkey, a program to directly manipulate policies and SAs
- racoon, an IKEv1 keying daemon

A bug was found in the way the racoon daemon handled incoming ISAKMP
requests. It is possible that an attacker could crash the racoon daemon by
sending a specially crafted ISAKMP packet. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0398 to
this issue.
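
The advisory does not say which check racoon was missing. As an added example, not racoon's code and not the backported patch, this C routine shows the length validation an ISAKMP receiver applies to the fixed header and generic payload headers defined in RFC 2408 before trusting them. The names `isakmp_validate` and `check_sample` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ISAKMP_HDR_LEN 28u  /* RFC 2408 section 3.1: fixed header */
#define ISAKMP_GEN_LEN 4u   /* RFC 2408 section 3.2: generic payload header */

enum isakmp_check { ISAKMP_OK, ISAKMP_SHORT, ISAKMP_BAD_LENGTH, ISAKMP_BAD_PAYLOAD };

static uint32_t rd32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate the fixed header and walk the payload chain of one datagram
 * without reading outside buf[0..len). Encrypted messages are only
 * header-checked, because their payload chain is ciphertext. */
enum isakmp_check isakmp_validate(const uint8_t *buf, size_t len) {
    if (len < ISAKMP_HDR_LEN)
        return ISAKMP_SHORT;
    uint32_t total = rd32(buf + 24);       /* Length: header plus payloads */
    if (total < ISAKMP_HDR_LEN || total > len)
        return ISAKMP_BAD_LENGTH;
    if (buf[19] & 0x01)                    /* Flags: Encryption bit set */
        return ISAKMP_OK;
    uint8_t next = buf[16];                /* Next Payload, 0 ends the chain */
    size_t off = ISAKMP_HDR_LEN;
    while (next != 0) {
        if (total - off < ISAKMP_GEN_LEN)  /* no room for a payload header */
            return ISAKMP_BAD_PAYLOAD;
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        /* Below 4 the walk would never advance past this header; beyond
         * the remaining bytes it would read past the message. */
        if (plen < ISAKMP_GEN_LEN || plen > total - off)
            return ISAKMP_BAD_PAYLOAD;
        next = buf[off];
        off += plen;
    }
    return off == total ? ISAKMP_OK : ISAKMP_BAD_LENGTH;
}

/* Constructed sample: fixed header plus one 8-byte SA payload whose
 * declared Payload Length field is chosen by the caller. */
enum isakmp_check check_sample(uint16_t declared_plen) {
    uint8_t pkt[36] = {0};
    pkt[16] = 1; pkt[17] = 0x10; pkt[27] = (uint8_t)sizeof pkt;
    pkt[30] = (uint8_t)(declared_plen >> 8); pkt[31] = (uint8_t)declared_plen;
    return isakmp_validate(pkt, sizeof pkt);
}

int main(void) { return check_sample(8) == ISAKMP_OK ? 0 : 1; }
```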

Additionally, the following issues have been fixed:
- racoon mishandled restarts in the presence of stale administration sockets.
- on Red Hat Enterprise Linux 4, racoon and setkey did not properly set up
forward policies, which prevented tunnels from working.

Users of ipsec-tools should upgrade to this updated package, which contains
backported patches, and is not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

IA-32:
ipsec-tools-0.2.5-0.7.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 55373f7613bd894b051137eca8c799fb
 
x86_64:
ipsec-tools-0.2.5-0.7.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 4335033d7b3726c4ce1ff9a51747756a
 
Red Hat Desktop (v. 4)

IA-32:
ipsec-tools-0.3.3-6.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 5e608be5a2d36e626451905cdca79252
 
x86_64:
ipsec-tools-0.3.3-6.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 18fbd03935536494294326a7b1895ff6
 
Red Hat Enterprise Linux AS (v. 3)

IA-32:
ipsec-tools-0.2.5-0.7.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 55373f7613bd894b051137eca8c799fb
 
IA-64:
ipsec-tools-0.2.5-0.7.ia64.rpm
File outdated by:  RHSA-2008:0849
    MD5: b646a3cc587fbc09f357fc034a023b50
 
PPC:
ipsec-tools-0.2.5-0.7.ppc.rpm
File outdated by:  RHSA-2008:0849
    MD5: 429e2466025454529bd6c5db6dac8463
 
s390:
ipsec-tools-0.2.5-0.7.s390.rpm
File outdated by:  RHSA-2008:0849
    MD5: fbfda4852a54348abcd7d7e474195782
 
s390x:
ipsec-tools-0.2.5-0.7.s390x.rpm
File outdated by:  RHSA-2008:0849
    MD5: 39fef41381e2bb472937ba83aaa956af
 
x86_64:
ipsec-tools-0.2.5-0.7.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 4335033d7b3726c4ce1ff9a51747756a
 
Red Hat Enterprise Linux AS (v. 4)

IA-32:
ipsec-tools-0.3.3-6.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 5e608be5a2d36e626451905cdca79252
 
IA-64:
ipsec-tools-0.3.3-6.ia64.rpm
File outdated by:  RHSA-2008:0849
    MD5: eb21e0073264ad7010a2b5a4e66538e9
 
PPC:
ipsec-tools-0.3.3-6.ppc.rpm
File outdated by:  RHSA-2008:0849
    MD5: f99ca70bb00a40ea4d4d5fc4397ad953
 
s390:
ipsec-tools-0.3.3-6.s390.rpm
File outdated by:  RHSA-2008:0849
    MD5: f4d588f28fcdb8a543a556a0712ab627
 
s390x:
ipsec-tools-0.3.3-6.s390x.rpm
File outdated by:  RHSA-2008:0849
    MD5: 4c65730a3848f3ac85db031c33de24a9
 
x86_64:
ipsec-tools-0.3.3-6.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 18fbd03935536494294326a7b1895ff6
 
Red Hat Enterprise Linux ES (v. 3)

IA-32:
ipsec-tools-0.2.5-0.7.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 55373f7613bd894b051137eca8c799fb
 
IA-64:
ipsec-tools-0.2.5-0.7.ia64.rpm
File outdated by:  RHSA-2008:0849
    MD5: b646a3cc587fbc09f357fc034a023b50
 
x86_64:
ipsec-tools-0.2.5-0.7.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 4335033d7b3726c4ce1ff9a51747756a
 
Red Hat Enterprise Linux ES (v. 4)

IA-32:
ipsec-tools-0.3.3-6.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 5e608be5a2d36e626451905cdca79252
 
IA-64:
ipsec-tools-0.3.3-6.ia64.rpm
File outdated by:  RHSA-2008:0849
    MD5: eb21e0073264ad7010a2b5a4e66538e9
 
x86_64:
ipsec-tools-0.3.3-6.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 18fbd03935536494294326a7b1895ff6
 
Red Hat Enterprise Linux WS (v. 3)

IA-32:
ipsec-tools-0.2.5-0.7.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 55373f7613bd894b051137eca8c799fb
 
IA-64:
ipsec-tools-0.2.5-0.7.ia64.rpm
File outdated by:  RHSA-2008:0849
    MD5: b646a3cc587fbc09f357fc034a023b50
 
x86_64:
ipsec-tools-0.2.5-0.7.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 4335033d7b3726c4ce1ff9a51747756a
 
Red Hat Enterprise Linux WS (v. 4)

IA-32:
ipsec-tools-0.3.3-6.i386.rpm
File outdated by:  RHSA-2008:0849
    MD5: 5e608be5a2d36e626451905cdca79252
 
IA-64:
ipsec-tools-0.3.3-6.ia64.rpm
File outdated by:  RHSA-2008:0849
    MD5: eb21e0073264ad7010a2b5a4e66538e9
 
x86_64:
ipsec-tools-0.3.3-6.x86_64.rpm
File outdated by:  RHSA-2008:0849
    MD5: 18fbd03935536494294326a7b1895ff6
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

145531 - CAN-2005-0398 racoon DoS
145535 - CAN-2005-0398 racoon DoS
148950 - racoon unable to start with stale socket /tmp/.racoon
150179 - ipsec/racoon/setkey does not properly forward packets to vpn peer


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/