9 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaust computational resources on the remote endpoint by repeatedly sending ISAKMP fragment packets in a particular order such that the worst-case computational complexity is realized in the algorithm utilized to determine if reassembly of the fragments can take place. El demonio racoon en IPsec-Tools versión 0.8.2 contiene un ataque de complejidad computacional explotable remotamente al analizar y almacenar fragmentos ISAKMP. La implementación permite que un atacante remoto agote los recursos computacionales en el endpoint remoto mediante el envío repetido de paquetes de fragmentos ISAKMP en un orden determinado de modo que la complejidad computacional del peor de los casos se realice en el algoritmo utilizado para determinar si el reensamblaje de los fragmentos puede tener lugar. • http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1 http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c?only_with_tag=MAIN https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682 • CWE-407: Inefficient Algorithmic Complexity •

CVSS: 7.8EPSS: 1%CPEs: 45EXPL: 4

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html http://seclists.org/fulldisclosure/2015/May/81 http://seclists.org/fulldisclosure/2015/May/83 http://www.debian.org/security/2015/dsa-3272 http://www.openwall.com/lists/oss-security/2015/05/20/1 http://www.openwall.com/lists/oss-security/20 • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 18%CPEs: 35EXPL: 0

Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. Múltiples fugas de memoria en Ipsec-tools versiones anteriores a v0.7.2 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de vectores envueltos (1) en la verificación de firma durante la autenticación de usuarios con certificados X.509, relacionado con la función eay_check_x509sign en src/racoon/crypto_openssl.c; y (2) la implementación NAT-Traversal (aka NAT-T) keepalive, relacionado con src/racoon/nattraversal.c. • http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h http://kb.juniper.net/InfoCenter& • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.0EPSS: 13%CPEs: 26EXPL: 2

racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference. racoon/isakmp_frag.c en ipsec-tools anterior a v0.7.2, permite a atacantes remotos provocar una denegación de servicio (caída) a través de paquetes fragmentados sin carga, que lanza un deferencia a puntero NULL. • https://www.exploit-db.com/exploits/8669 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html http://secunia.com/advisories/35113 http://secunia.com/advisories/35153 http://secunia.com/advisories/35159 http://secunia.com/advisories/35212 http://secunia& • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 9%CPEs: 1EXPL: 0

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). src/racoon/handler.c en racoon de ipsec-tools no elimina una gestión "orphaned ph1" (fase 1) cuando se ha iniciado remotamente, lo que permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos). • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://secunia.com/advisories/31478 http://secunia.com/advisories/31624 http://secunia.com/advisories/32759 http://secunia.com/advisories/32971 http://secunia.com/advisories/35074 http://security • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •