CVE Vulnerabilities

CVE-2008-3652

Published: Aug 13, 2008 | Modified: Sep 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

src/racoon/handler.c in racoon in ipsec-tools does not remove an orphaned ph1 (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

Affected Software

Name Vendor Start Version End Version
Ipsec-tools Ipsec-tools * *
Red Hat Enterprise Linux 3 RedHat ipsec-tools-0:0.2.5-0.7.rhel3.5 *
Red Hat Enterprise Linux 4 RedHat ipsec-tools-0:0.3.3-7.el4_7 *
Red Hat Enterprise Linux 5 RedHat ipsec-tools-0:0.6.5-9.el5_2.3 *
Ipsec-tools Ubuntu dapper *
Ipsec-tools Ubuntu feisty *
Ipsec-tools Ubuntu gutsy *
Ipsec-tools Ubuntu hardy *
Ipsec-tools Ubuntu upstream *

References