CVE-2009-1632

Published: May 14, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.

Affected (35)

Products: Ipsec Tools: Ipsec Tools

1 product

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Ipsec Tools Ipsec Tools	Up to 0.7.1
Ipsec Tools Ipsec Tools	Version 0.1
Ipsec Tools Ipsec Tools	Version 0.2.1
Ipsec Tools Ipsec Tools	Version 0.2.2
Ipsec Tools Ipsec Tools	Version 0.2.3
Ipsec Tools Ipsec Tools	Version 0.2.4
Ipsec Tools Ipsec Tools	Version 0.2
Ipsec Tools Ipsec Tools	Version 0.3.1
Ipsec Tools Ipsec Tools	Version 0.3.2
Ipsec Tools Ipsec Tools	Version 0.3.3
Ipsec Tools Ipsec Tools	Version 0.3
Ipsec Tools Ipsec Tools	Version 0.3 rc1
Ipsec Tools Ipsec Tools	Version 0.3 rc2
Ipsec Tools Ipsec Tools	Version 0.3 rc3
Ipsec Tools Ipsec Tools	Version 0.3 rc4
Ipsec Tools Ipsec Tools	Version 0.3 rc5
Ipsec Tools Ipsec Tools	Version 0.3_rc1
Ipsec Tools Ipsec Tools	Version 0.3_rc2
Ipsec Tools Ipsec Tools	Version 0.3_rc3
Ipsec Tools Ipsec Tools	Version 0.3_rc4
Ipsec Tools Ipsec Tools	Version 0.3_rc5
Ipsec Tools Ipsec Tools	Version 0.4
Ipsec Tools Ipsec Tools	Version 0.4 rc1
Ipsec Tools Ipsec Tools	Version 0.5.1
Ipsec Tools Ipsec Tools	Version 0.5.2
Ipsec Tools Ipsec Tools	Version 0.5
Ipsec Tools Ipsec Tools	Version 0.6.1
Ipsec Tools Ipsec Tools	Version 0.6.2
Ipsec Tools Ipsec Tools	Version 0.6.3
Ipsec Tools Ipsec Tools	Version 0.6.4
Ipsec Tools Ipsec Tools	Version 0.6.5
Ipsec Tools Ipsec Tools	Version 0.6.6
Ipsec Tools Ipsec Tools	Version 0.6.7
Ipsec Tools Ipsec Tools	Version 0.6
Ipsec Tools Ipsec Tools	Version 0.7

Related CWEs

References (52)

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c

Source: cve@mitre.org

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h

Source: cve@mitre.org

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c

Source: cve@mitre.org

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h

Source: cve@mitre.org

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Source: cve@mitre.org

http://marc.info/?l=oss-security&m=124101704828036&w=2

Source: cve@mitre.org

http://secunia.com/advisories/35153

Source: cve@mitre.org

http://secunia.com/advisories/35159

Source: cve@mitre.org

http://secunia.com/advisories/35212

Source: cve@mitre.org

http://secunia.com/advisories/35404

Source: cve@mitre.org

http://secunia.com/advisories/35685

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200905-03.xml

Source: cve@mitre.org

http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce

Source: cve@mitre.org

Patch

http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611

Source: cve@mitre.org

http://support.apple.com/kb/HT3937

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1804

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:114

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2009/05/12/3

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-1036.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/34765

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-785-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/3184

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581

Source: cve@mitre.org

https://trac.ipsec-tools.net/ticket/303

Source: cve@mitre.org

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c

Source: af854a3a-2127-422b-91ae-364da2661108

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h

Source: af854a3a-2127-422b-91ae-364da2661108

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c

Source: af854a3a-2127-422b-91ae-364da2661108

http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h

Source: af854a3a-2127-422b-91ae-364da2661108

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=124101704828036&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35153

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35159

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35212

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35404

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35685

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200905-03.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://sourceforge.net/mailarchive/forum.php?thread_name=20090422151825.GB46988%40zeninc.net&forum_name=ipsec-tools-announce

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3937

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1804

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:114

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2009/05/12/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2009-1036.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34765

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-785-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/3184

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10581

Source: af854a3a-2127-422b-91ae-364da2661108

https://trac.ipsec-tools.net/ticket/303

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.