Summary
The remote host is missing updates announced in
advisory GLSA 200404-17.
Solution
ipsec-tools users should upgrade to version 0.2.5 or later:
# emerge sync
# emerge -pv '>=net-firewall/ipsec-tools-0.3.1'
# emerge '>=net-firewall/ipsec-tools-0.3.1'
iputils users should upgrade to version 021109-r3 or later:
# emerge sync
# emerge -pv '>=net-misc/iputils-021109-r3'
# emerge '>=net-misc/iputils-021109-r3'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200404-17
http://bugs.gentoo.org/show_bug.cgi?id=48847
http://ipsec-tools.sourceforge.net/
Insight
racoon, which is included in the ipsec-tools and iputils packages in Portage, does not check the length of ISAKMP headers. Attackers may be able to craft an ISAKMP header of sufficient length to consume all available system resources, causing a Denial of Service.
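The kind of length check the Insight describes as missing, as an added example that is not racoon's code or the fix shipped by the project. The names isakmp_check_length and make_sample and the ISAKMP_MAX_MSG cap are assumptions made for illustration; the 28-byte header layout with a 32-bit Length field at offset 24 follows RFC 2408.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISAKMP_HDR_LEN 28u     /* fixed ISAKMP header size (RFC 2408, 3.1) */
#define ISAKMP_MAX_MSG 65507u  /* assumed local cap: max UDP payload on IPv4 */

enum isakmp_check { ISAKMP_OK, ISAKMP_TRUNCATED, ISAKMP_LEN_TOO_SMALL,
                    ISAKMP_LEN_TOO_LARGE, ISAKMP_LEN_MISMATCH };

/* Hypothetical helper: validate the header's Length field (32-bit big-endian
 * at offset 24) against the bytes actually received, before any buffer is
 * sized from it. */
enum isakmp_check isakmp_check_length(const uint8_t *pkt, size_t received)
{
    uint32_t declared;

    if (pkt == NULL || received < ISAKMP_HDR_LEN)
        return ISAKMP_TRUNCATED;            /* no complete header to read */
    declared = ((uint32_t)pkt[24] << 24) | ((uint32_t)pkt[25] << 16) |
               ((uint32_t)pkt[26] << 8)  |  (uint32_t)pkt[27];
    if (declared < ISAKMP_HDR_LEN)
        return ISAKMP_LEN_TOO_SMALL;        /* shorter than its own header */
    if (declared > ISAKMP_MAX_MSG)
        return ISAKMP_LEN_TOO_LARGE;        /* reject before allocating */
    if (declared > received)
        return ISAKMP_LEN_MISMATCH;         /* claims more than arrived */
    return ISAKMP_OK;
}

/* Constructed sample: zeroed 28-byte header carrying the given Length. */
void make_sample(uint8_t *buf, uint32_t declared)
{
    memset(buf, 0, ISAKMP_HDR_LEN);
    buf[24] = (uint8_t)(declared >> 24);
    buf[25] = (uint8_t)(declared >> 16);
    buf[26] = (uint8_t)(declared >> 8);
    buf[27] = (uint8_t)declared;
}

int main(void)
{
    uint8_t hdr[ISAKMP_HDR_LEN];

    make_sample(hdr, 0xFFFFFFFFu);          /* oversized declared length */
    printf("oversized: %d\n", isakmp_check_length(hdr, sizeof hdr));
    make_sample(hdr, ISAKMP_HDR_LEN);       /* header-only message */
    printf("valid: %d\n", isakmp_check_length(hdr, sizeof hdr));
    return 0;
}
```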
Severity
Classification
CVE: CVE-2004-0403
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P