Ubuntu Security Notice (C) 2009-2013 Canonical, Inc. / NASL script (C) 2009-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
It was discovered that ipsec-tools did not properly handle certain
fragmented packets. A remote attacker could send specially crafted
packets to the server and cause a denial of service. (CVE-2009-1574)
It was discovered that ipsec-tools did not properly handle memory
usage when verifying certificate signatures or processing
nat-traversal keep-alive messages. A remote attacker could send
specially crafted packets to the server and exhaust available memory,
leading to a denial of service. (CVE-2009-1632).
Update the affected ipsec-tools and / or racoon packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true