ipsec-tools-0.6.5-13AXS3.1
Errata ID: AXSA:2009-435:03
Release date:
2009/12/15 Tuesday - 20:40
Title:
ipsec-tools-0.6.5-13AXS3.1
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
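- racoon/isakmp_frag.c in Ipsec-tools mishandles fragmented packets that carry no payload, resulting in a denial-of-service (DoS) vulnerability. (CVE-2009-1574)
- Ipsec-tools has flaws in signature verification during user authentication with X.509 certificates and in the NAT-Traversal keepalive implementation, resulting in a denial-of-service (DoS) vulnerability. (CVE-2009-1632)
The translated text for some CVEs is quoted from JVN.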
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2009-1574
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
CVE-2009-1632
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
Additional information:
N/A
Download:
SRPMS
- ipsec-tools-0.6.5-13AXS3.1.src.rpm
MD5: 1a175ed52fb0b40e5ff912d80bd09403
SHA-256: 13f5570bdc742d5307aac75d56254ac6cabe47b25db8e37db17d4bf40b0f41d0
Size: 702.15 kB
Asianux Server 3 for x86
- ipsec-tools-0.6.5-13AXS3.1.i386.rpm
MD5: 750a8646c17ba3ea2b6a45c5f00ee28f
SHA-256: cc8316df660cbc40154b3e7ac6b2f5f5b6d83b165fa2c33d8eda323a5ccf532f
Size: 381.97 kB
Asianux Server 3 for x86_64
- ipsec-tools-0.6.5-13AXS3.1.x86_64.rpm
MD5: dea7b9b1d07dc0667076252c45176813
SHA-256: 6ea86861e0c657c52b068a9daeba71ceb5a919faf88249885672ce4a70f387be
Size: 396.65 kB