Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ipsec-tools vulnerabilities (USN-641-1)
High Nessus Plugin ID 34116
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionIt was discovered that there were multiple ways to leak memory during the IKE negotiation when handling certain packets. If a remote attacker sent repeated malicious requests, the 'racoon' key exchange server could allocate large amounts of memory, possibly leading to a denial of service.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected ipsec-tools and / or racoon packages.