This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200705-09
(IPsec-Tools: Denial of Service)
The isakmp_info_recv() function in src/racoon/isakmp_inf.c does not
always check that DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N)
packets are encrypted.
A remote attacker could send a specially crafted IPsec message to one
of the two peers during the beginning of phase 1, resulting in the
termination of the IPsec exchange.
There is no known workaround at this time.
See also :
All IPsec-Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-firewall/ipsec-tools-0.6.7'
Risk factor :
Medium / CVSS Base Score : 4.3