Solution
Please Install the Updated Packages.
Insight
The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon.
Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. (CVE-2008-3651, CVE-2008-3652)
Users of ipsec-tools should upgrade to this updated package, which contains backported patches that resolve these issues.
Affected
ipsec-tools on Red Hat Enterprise Linux AS version 3, Red Hat Enterprise Linux ES version 3,
Red Hat Enterprise Linux WS version 3,
Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4,
Red Hat Enterprise Linux (v. 5 server)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-3651, CVE-2008-3652 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities