CVE-2009-1632
published 2009-05-14CVE-2009-1632: Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature…
PriorityP420medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
2.02%
78.5th percentile
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ipsec-tools | ipsec-tools | <= 0.7.1 | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
| ipsec-tools | ipsec-tools | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
vendor_ubuntu5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
ipsec-tools vulnerabilities
vendor_ubuntu·2009-06-09·CVSS 5.0
CVE-2009-1574 [MEDIUM] ipsec-tools vulnerabilities
Title: ipsec-tools vulnerabilities
Summary: ipsec-tools vulnerabilities
It was discovered that ipsec-tools did not properly handle certain
fragmented packets. A remote attacker could send specially crafted packets
to the server and cause a denial of service. (CVE-2009-1574)
It was discovered that ipsec-tools did not properly handle memory usage
when verifying certificate signatures or processing nat-traversal
keep-alive messages. A remote attacker could send specially crafted packets
to the server and exhaust available memory, leading to a denial of service.
(CVE-2009-1632)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
ipsec-tools: multiple memory leaks fixed in 0.7.2
vendor_redhat·2009-04-22·CVSS 5.0
CVE-2009-1632 [MEDIUM] CWE-401 ipsec-tools: multiple memory leaks fixed in 0.7.2
ipsec-tools: multiple memory leaks fixed in 0.7.2
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
Package: ipsec-tools (Red Hat Enterprise Linux 4) - Will not fix
GHSA
GHSA-r3x2-g3qw-mvq3: Multiple memory leaks in Ipsec-tools before 0
ghsa_unreviewed·2022-05-02
CVE-2009-1632 [MEDIUM] GHSA-r3x2-g3qw-mvq3: Multiple memory leaks in Ipsec-tools before 0
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.
No detection rules found.
No public exploits indexed.
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.chttp://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=hhttp://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.chttp://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=hhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlhttp://marc.info/?l=oss-security&m=124101704828036&w=2http://secunia.com/advisories/35153http://secunia.com/advisories/35159http://secunia.com/advisories/35212http://secunia.com/advisories/35404http://secunia.com/advisories/35685http://security.gentoo.org/glsa/glsa-200905-03.xmlhttp://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announcehttp://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611http://support.apple.com/kb/HT3937http://www.debian.org/security/2009/dsa-1804http://www.mandriva.com/security/advisories?name=MDVSA-2009:114http://www.openwall.com/lists/oss-security/2009/05/12/3http://www.redhat.com/support/errata/RHSA-2009-1036.htmlhttp://www.securityfocus.com/bid/34765http://www.ubuntu.com/usn/USN-785-1http://www.vupen.com/english/advisories/2009/3184https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581https://trac.ipsec-tools.net/ticket/303http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.chttp://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=hhttp://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.chttp://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=hhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlhttp://marc.info/?l=oss-security&m=124101704828036&w=2http://secunia.com/advisories/35153http://secunia.com/advisories/35159http://secunia.com/advisories/35212http://secunia.com/advisories/35404http://secunia.com/advisories/35685http://security.gentoo.org/glsa/glsa-200905-03.xmlhttp://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announcehttp://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611http://support.apple.com/kb/HT3937http://www.debian.org/security/2009/dsa-1804http://www.mandriva.com/security/advisories?name=MDVSA-2009:114http://www.openwall.com/lists/oss-security/2009/05/12/3http://www.redhat.com/support/errata/RHSA-2009-1036.htmlhttp://www.securityfocus.com/bid/34765http://www.ubuntu.com/usn/USN-785-1http://www.vupen.com/english/advisories/2009/3184https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581https://trac.ipsec-tools.net/ticket/303
2009-05-14
Published