CVE-2009-1574
published 2009-05-06CVE-2009-1574: racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload…
PriorityP427medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
11.63%
95.5th percentile
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipsec-tools | ipsec-tools | <= 0.7.1 | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x442-849f-mv4r: racoon/isakmp_frag
ghsa_unreviewed·2022-05-02
CVE-2009-1574 [MEDIUM] GHSA-x442-849f-mv4r: racoon/isakmp_frag
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
Ubuntu
ipsec-tools vulnerabilities
vendor_ubuntu·2009-06-09·CVSS 5.0
CVE-2009-1574 [MEDIUM] ipsec-tools vulnerabilities
Title: ipsec-tools vulnerabilities
Summary: ipsec-tools vulnerabilities
It was discovered that ipsec-tools did not properly handle certain
fragmented packets. A remote attacker could send specially crafted packets
to the server and cause a denial of service. (CVE-2009-1574)
It was discovered that ipsec-tools did not properly handle memory usage
when verifying certificate signatures or processing nat-traversal
keep-alive messages. A remote attacker could send specially crafted packets
to the server and exhaust available memory, leading to a denial of service.
(CVE-2009-1632)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
ipsec-tools: racoon NULL dereference in fragmentation code
vendor_redhat·2009-04-22·CVSS 5.0
CVE-2009-1574 [MEDIUM] CWE-476 ipsec-tools: racoon NULL dereference in fragmentation code
ipsec-tools: racoon NULL dereference in fragmentation code
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.
No detection rules found.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2010//Dec/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlhttp://secunia.com/advisories/35113http://secunia.com/advisories/35153http://secunia.com/advisories/35159http://secunia.com/advisories/35212http://secunia.com/advisories/35404http://secunia.com/advisories/35685http://security.gentoo.org/glsa/glsa-200905-03.xmlhttp://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611http://support.apple.com/kb/HT3937http://support.apple.com/kb/HT4298http://www.debian.org/security/2009/dsa-1804http://www.mandriva.com/security/advisories?name=MDVSA-2009:112http://www.openwall.com/lists/oss-security/2009/04/29/6http://www.openwall.com/lists/oss-security/2009/05/04/3http://www.redhat.com/support/errata/RHSA-2009-1036.htmlhttp://www.securityfocus.com/bid/34765http://www.ubuntu.com/usn/USN-785-1http://www.vupen.com/english/advisories/2009/3184https://bugzilla.redhat.com/show_bug.cgi?id=497990https://exchange.xforce.ibmcloud.com/vulnerabilities/50412https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9624https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00725.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00746.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00789.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.apple.com/archives/security-announce/2010//Dec/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlhttp://secunia.com/advisories/35113http://secunia.com/advisories/35153http://secunia.com/advisories/35159http://secunia.com/advisories/35212http://secunia.com/advisories/35404http://secunia.com/advisories/35685http://security.gentoo.org/glsa/glsa-200905-03.xmlhttp://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611http://support.apple.com/kb/HT3937http://support.apple.com/kb/HT4298http://www.debian.org/security/2009/dsa-1804http://www.mandriva.com/security/advisories?name=MDVSA-2009:112http://www.openwall.com/lists/oss-security/2009/04/29/6http://www.openwall.com/lists/oss-security/2009/05/04/3http://www.redhat.com/support/errata/RHSA-2009-1036.htmlhttp://www.securityfocus.com/bid/34765http://www.ubuntu.com/usn/USN-785-1http://www.vupen.com/english/advisories/2009/3184https://bugzilla.redhat.com/show_bug.cgi?id=497990https://exchange.xforce.ibmcloud.com/vulnerabilities/50412https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9624https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00725.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00746.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-May/msg00789.html
2009-05-06
Published