Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64025

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)

Resumen: The remote host is missing an update to ipsec-tools;announced via advisory MDVSA-2009:114.

Descripción: Summary:
The remote host is missing an update to ipsec-tools
announced via advisory MDVSA-2009:114.

Vulnerability Insight:
Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
attackers to cause a denial of service (memory consumption) via vectors
involving (1) signature verification during user authentication with
X.509 certificates, related to the eay_check_x509sign function in
src/racoon/crypto_openssl.c, and (2) the NAT-Traversal (aka NAT-T)
keepalive implementation, related to src/racoon/nattraversal.c
(CVE-2009-1632).

The updated packages have been patched to prevent this.

Affected: Corporate 4.0, Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1632
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
BugTraq ID: 34765
http://www.securityfocus.com/bid/34765
Debian Security Information: DSA-1804 (Google Search)
http://www.debian.org/security/2009/dsa-1804
http://security.gentoo.org/glsa/glsa-200905-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:114
http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce
http://marc.info/?l=oss-security&m=124101704828036&w=2
http://www.openwall.com/lists/oss-security/2009/05/12/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581
http://www.redhat.com/support/errata/RHSA-2009-1036.html
http://secunia.com/advisories/35153
http://secunia.com/advisories/35159
http://secunia.com/advisories/35212
http://secunia.com/advisories/35404
http://secunia.com/advisories/35685
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://www.ubuntu.com/usn/USN-785-1
http://www.vupen.com/english/advisories/2009/3184

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64025
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:114 (ipsec-tools)
Resumen:	The remote host is missing an update to ipsec-tools;announced via advisory MDVSA-2009:114.
Descripción:	Summary: The remote host is missing an update to ipsec-tools announced via advisory MDVSA-2009:114. Vulnerability Insight: Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c, and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c (CVE-2009-1632). The updated packages have been patched to prevent this. Affected: Corporate 4.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1632 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html BugTraq ID: 34765 http://www.securityfocus.com/bid/34765 Debian Security Information: DSA-1804 (Google Search) http://www.debian.org/security/2009/dsa-1804 http://security.gentoo.org/glsa/glsa-200905-03.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:114 http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce http://marc.info/?l=oss-security&m=124101704828036&w=2 http://www.openwall.com/lists/oss-security/2009/05/12/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581 http://www.redhat.com/support/errata/RHSA-2009-1036.html http://secunia.com/advisories/35153 http://secunia.com/advisories/35159 http://secunia.com/advisories/35212 http://secunia.com/advisories/35404 http://secunia.com/advisories/35685 SuSE Security Announcement: SUSE-SR:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://www.ubuntu.com/usn/USN-785-1 http://www.vupen.com/english/advisories/2009/3184
Copyright	Copyright (C) 2009 E-Soft Inc.