On May 19, 1:32pm, jvoss@altsci.com (Javantea) wrote: -- Subject: [FD] 0-day Denial of Service in IPsec-Tools | Denial of Service in IPsec-Tools | Vulnerability Report | May 19, 2015 | | Product: IPsec-Tools | Version: 0.8.2 | Website: http://ift.tt/1lY08Yp | CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) | | IPsec-Tools is vulnerable to a 0-day exploit that I made available yesterday. It is a null dereference crash in racoon in gssapi.c. It requires HAVE_GSSAPI to be set, which is a configuration option. The impact is a denial of service against the IKE daemon. Because IPsec is critical infrastructure and this attack requires two UDP packets, it deserves a medium rating. This denial of service violates the premise that IPsec's security is built upon. More information about the impact can be found on my website linked below. | | If you're running IPsec-Tools, replace it sensibly as soon as possible. The reason this exploit is being released without patch on full disclosure is because the authors have apparently abandoned the software. | | The vulnerability: | | racoon/gssapi.c:205:static int gssapi_init(struct ph1handle *iph1) | | if (iph1->rmconf->proposal->gssid != NULL) { | | The exploit is available on my website: | http://ift.tt/1PvJpR0 The fix is trivial and does not seem to affect the preshared key authentication method. Looks to me like a simple DoS attack that does not have any additional impact. christos
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment