|
|
|
>> Mandriva Security Update Fixes IPsec-Tools Denial of Service Vulnerability
|
Mandriva has released updated packages to address a vulnerability identified in IPsec-Tools. This flaw is due to a NULL pointer dereference in "src/racoon/isakmp_agg.c" when processing malformed IKE (Internet Key Exchange) Phase 1 packets, which could be exploited by remote attackers to cause a denial of service by sending malformed packets to a vulnerable device. For additional information, see : VUPEN/ADV-2005-2521
Affected Products
Mandriva Linux 10.1
Mandriva Linux 10.2
Mandriva Linux 2006.0
Multi Network Firewall 2.0
Solution
Upgrade the affected packages :
Mandriva Linux 10.1:
c1f74be6f3c46152881ded66022a3928 10.1/RPMS/ipsec-tools-0.2.5-2.2.101mdk.i586.rpm
c8416853386be9e80b5f8ac6de16cf93 10.1/RPMS/libipsec-tools0-0.2.5-2.2.101mdk.i586.rpm
278751ee3fca05321059c67f39f1a0f0 10.1/SRPMS/ipsec-tools-0.2.5-2.2.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
5d3d19d02d0d5a8eb5fcc237768fb07f x86_64/10.1/RPMS/ipsec-tools-0.2.5-2.2.101mdk.x86_64.rpm
464dadc90a736f6312a6c143c12a4cce x86_64/10.1/RPMS/lib64ipsec-tools0-0.2.5-2.2.101mdk.x86_64.rpm
278751ee3fca05321059c67f39f1a0f0 x86_64/10.1/SRPMS/ipsec-tools-0.2.5-2.2.101mdk.src.rpm
Mandriva Linux 10.2:
75b061a206ba4a943904d384e489036c 10.2/RPMS/ipsec-tools-0.5-4.2.102mdk.i586.rpm
3c17715ce5bd1e63347e844bca518fa3 10.2/RPMS/libipsec0-0.5-4.2.102mdk.i586.rpm
c221e9fbca14cc956df812605aa67b96 10.2/RPMS/libipsec0-devel-0.5-4.2.102mdk.i586.rpm
313ae7a9fd1eceb117515c61f19f0a2a 10.2/SRPMS/ipsec-tools-0.5-4.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
2de25a175eff7fbb77758993965110a5 x86_64/10.2/RPMS/ipsec-tools-0.5-4.2.102mdk.x86_64.rpm
ff5095c574441578b6e6e1c9384bf05c x86_64/10.2/RPMS/lib64ipsec0-0.5-4.2.102mdk.x86_64.rpm
db6e3f33dc2326528a4c22e199e2c0fa x86_64/10.2/RPMS/lib64ipsec0-devel-0.5-4.2.102mdk.x86_64.rpm
313ae7a9fd1eceb117515c61f19f0a2a x86_64/10.2/SRPMS/ipsec-tools-0.5-4.2.102mdk.src.rpm
Mandriva Linux 2006.0:
a3881692a4ee81a3e4759500691ba86d 2006.0/RPMS/ipsec-tools-0.5.2-5.1.20060mdk.i586.rpm
4523963e017054a149cc9c6c46e6fa39 2006.0/RPMS/libipsec0-0.5.2-5.1.20060mdk.i586.rpm
9208a98bc79efce31e8bf08c5a409431 2006.0/RPMS/libipsec0-devel-0.5.2-5.1.20060mdk.i586.rpm
390a8547034610a0ebd6a30f8752c36d 2006.0/SRPMS/ipsec-tools-0.5.2-5.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
89c02c5eebb80544fb54cf8876183d92 x86_64/2006.0/RPMS/ipsec-tools-0.5.2-5.1.20060mdk.x86_64.rpm
833ab780f0ef3eb86da1c2aa82746c72 x86_64/2006.0/RPMS/lib64ipsec0-0.5.2-5.1.20060mdk.x86_64.rpm
d875aeb7f90b36eba89ff2e2b901a3cc x86_64/2006.0/RPMS/lib64ipsec0-devel-0.5.2-5.1.20060mdk.x86_64.rpm
390a8547034610a0ebd6a30f8752c36d x86_64/2006.0/SRPMS/ipsec-tools-0.5.2-5.1.20060mdk.src.rpm
Multi Network Firewall 2.0:
3a441d674beb304f607975502cb2f302 mnf/2.0/RPMS/ipsec-tools-0.2.5-0.4.M20mdk.i586.rpm
109a0184382426bd065df6000f64189d mnf/2.0/RPMS/libipsec-tools0-0.2.5-0.4.M20mdk.i586.rpm
96dacbdb35121f2f876d1bb19cb00c24 mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.4.M20mdk.src.rpm
References
http://www.vupen.com/english/advisories/2006/0339
http://www.frsirt.com/english/reference/5032
ChangeLog
2006-01-25 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
