OracleVM 2.1 : ipsec-tools (OVMSA-2009-0010)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing a security update.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

CVE-2009-1574 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows
remote attackers to cause a denial of service (crash) via crafted
fragmented packets without a payload, which triggers a NULL pointer
dereference.

CVE-2009-1632 Multiple memory leaks in Ipsec-tools before 0.7.2 allow
remote attackers to cause a denial of service (memory consumption) via
vectors involving (1) signature verification during user
authentication with X.509 certificates, related to the
eay_check_x509sign function in src/racoon/crypto_openssl.c and (2)
the NAT-Traversal (aka NAT-T) keepalive implementation, related to
src/racoon/nattraversal.c.

CVE-2008-3651 Memory leak in racoon/proposal.c in the racoon daemon in
ipsec-tools before 0.7.1 allows remote authenticated users to cause a
denial of service (memory consumption) via invalid proposals.

CVE-2008-3652 src/racoon/handler.c in racoon in ipsec-tools does not
remove an 'orphaned ph1' (phase 1) handle when it has been initiated
remotely, which allows remote attackers to cause a denial of service
(resource consumption).

- fix nul dereference in frag code and some memory leaks (#497990)

- also do not destroy ports in ph2 (#231604)

- improved fix for cleanup of IPSEC SAs in SADB (#231604)

- fix cleanup of IPSEC SAs in SADB (#231604)

- fix segfault in timer (#378551)

- handle new interfaces immediately (#247301)

- eliminate debug logging overhead when log level is lower (#248567)

- use the adminsock_path as specified on the command line (#247294)

- link only necessary libraries (#458631)

- make racoon PIE executable (#210023)

- fix for DoS through various memory leaks (CVE-2008-3651 #456660, CVE-2008-3652 #458846)

- use the current kernel headers instead of the private copy (#446979)

- Resolves: rhbz#435803 - update pfkeyv2.h with new #defines

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000025.html

Solution :

Update the affected ipsec-tools package.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79457

Bugtraq ID: 30657, 34765

CVE ID: CVE-2008-3651, CVE-2008-3652, CVE-2009-1574, CVE-2009-1632
