Test ID:	1.3.6.1.4.1.25623.1.0.55949
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-221-1 (ipsec-tools)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ipsec-tools announced via advisory USN-221-1. A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: racoon The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon daemon. Please be aware that racoon is not officially supported by Ubuntu, the package is in the 'universe' component of the archive. Solution: The problem can be corrected by upgrading the affected package to version 0.3.3-1ubuntu0.2 (for Ubuntu 4.10), 1:0.5-5ubuntu0.1 (for Ubuntu 5.04), or 1:0.6-1ubuntu1.1 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-221-1 Risk factor : High CVSS Score: 7.8
Cross-Ref:	BugTraq ID: 15523 Common Vulnerability Exposure (CVE) ID: CVE-2005-3732 1015254 http://securitytracker.com/id?1015254 15523 http://www.securityfocus.com/bid/15523 17668 http://secunia.com/advisories/17668 17822 http://secunia.com/advisories/17822 17980 http://secunia.com/advisories/17980 18115 http://secunia.com/advisories/18115 18616 http://secunia.com/advisories/18616 18742 http://secunia.com/advisories/18742 19833 http://secunia.com/advisories/19833 20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html 20060501-01-U ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc 20210 http://secunia.com/advisories/20210 ADV-2005-2521 http://www.vupen.com/english/advisories/2005/2521 DSA-965 http://www.debian.org/security/2006/dsa-965 FLSA-2006:190941 http://www.securityfocus.com/archive/1/436343/100/0/threaded GLSA-200512-04 http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml MDKSA-2006:020 http://www.mandriva.com/security/advisories?name=MDKSA-2006:020 RHSA-2006:0267 http://rhn.redhat.com/errata/RHSA-2006-0267.html SUSE-SA:2005:070 http://www.novell.com/linux/security/advisories/2005_70_ipsec.html USN-221-1 https://usn.ubuntu.com/221-1/ [ipsec-tools-devel] 20051120 Potential DoS fixed in ipsec-tools http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000 http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/ipsec-tools/src/racoon/isakmp_agg.c?r1=1.20.2.3&r2=1.20.2.4&diff_format=u http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/ http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en oval:org.mitre.oval:def:9857 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9857
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.