thr3ads.net - Secure testing team - [Secure-testing-team] Bug#495214: CVE-2008-3651: memory leak [Aug 2008]

If this information is useful, please help other people find it:
Share via:

Steffen Joeris

2008-Aug-15 12:56 UTC

[Secure-testing-team] Bug#495214: CVE-2008-3651: memory leak

Package: ipsec-tools
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ipsec-tools.

CVE-2008-3651[0]:
| Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools
| before 0.7.1 allows remote authenticated users to cause a denial of
| service (memory consumption) via invalid proposals.

There is an upstream discussion going on here[1].

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651
    http://security-tracker.debian.net/tracker/CVE-2008-3651

[1]
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel

Secure testing team - Aug 2008 - Bug#495214: CVE-2008-3651: memory leak

[Secure-testing-team] Bug#495214: CVE-2008-3651: memory leak