Your message dated Tue, 15 Mar 2005 23:32:10 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#299716: fixed in ipsec-tools 1:0.5-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Mar 2005 00:20:02 +0000
>From [EMAIL PROTECTED] Tue Mar 15 16:20:01 2005
Return-path: <[EMAIL PROTECTED]>
Received: from polaris.galacticasoftware.com [206.45.95.222]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DBMGW-0004jZ-00; Tue, 15 Mar 2005 16:20:01 -0800
Received: from mira.lan.galacticasoftware.com
([2001:470:1f00:907:20d:87ff:fe3c:98c8])
by polaris.galacticasoftware.com with esmtp (Exim 4.44)
id 1DBMGP-0000Ud-MZ
for [EMAIL PROTECTED]; Tue, 15 Mar 2005 18:19:53 -0600
Received: from adamm by mira.lan.galacticasoftware.com with local (Exim 4.50)
id 1DBMGP-0006eR-MJ
for [EMAIL PROTECTED]; Tue, 15 Mar 2005 18:19:53 -0600
Content-Type: multipart/mixed; boundary="===============1964818240=="
MIME-Version: 1.0
From: Adam Majer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: racoon: [CAN-2005-0398] KAME Racoon ISAKMP Header Parsing Denial of
Service
X-Mailer: reportbug 3.8
Date: Tue, 15 Mar 2005 18:19:53 -0600
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
This is a multi-part MIME message sent by reportbug.
--===============1964818240==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Package: racoon
Severity: grave
Tags: sid sarge patch
Justification: remote DoS
Original Advisory:
https://bugzilla.redhat.com/bugz...nt.cgi?id=109966&action=view
http://secunia.com/advisories/14584/
Description:
Sebastian Krahmer has reported a vulnerability in KAME Racoon, which can
be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when parsing ISAKMP headers
and can be exploited via a specially crafted ISAKMP packet.
Solution:
The vulnerability has been fixed in SNAP release 2005/03/14.
http://www.kame.net/snap-users/
The attached patch's changelog is,
Tue Mar 8 05:31:52 JST 2005
* kame/kame/racoon/isakmp.c:
one of buffer overrun problem was fixed. from ipsec-tools team.
The diff is between,
kame-20050307-openbsd36-snap.tgz
kame-20050314-openbsd36-snap.tgz
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Versions of packages racoon depends on:
ii debconf 1.4.46 Debian configuration management sy
ii ipsec-tools 1:0.5-4 IPsec tools for Linux
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libreadline5 5.0-10 GNU readline and history libraries
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii perl 5.8.4-8 Larry Wall's Practical Extraction
--===============1964818240==
Content-Type: text/x-c; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="racoon.patch"
diff -ru kame.old/kame/kame/racoon/isakmp.c kame.new/kame/kame/racoon/isakmp.c
--- kame.old/kame/kame/racoon/isakmp.c 2004-03-30 21:14:39.000000000 -0600
+++ kame.new/kame/kame/racoon/isakmp.c 2005-03-07 14:29:58.000000000 -0600
@@ -1,4 +1,4 @@
-/* $KAME: isakmp.c,v 1.181 2004/03/31 03:14:39 sakane Exp $ */
+/* $KAME: isakmp.c,v 1.182 2005/03/07 20:29:58 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -1151,7 +1151,7 @@
p->type = np;
p->len = ntohs(gen->len);
- if (p->len == 0 || p->len > tlen) {
+ if (p->len < sizeof(struct isakmp_gen) || p->len > tlen) {
plog(LLV_DEBUG, LOCATION, NULL,
"invalid length of payload\n");
vfree(result);
--===============1964818240==--
---------------------------------------
Received: (at 299716-close) by bugs.debian.org; 16 Mar 2005 04:38:34 +0000
>From [EMAIL PROTECTED] Tue Mar 15 20:38:34 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DBQIj-0007bp-00; Tue, 15 Mar 2005 20:38:33 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DBQCY-0005ie-00; Tue, 15 Mar 2005 23:32:10 -0500
From: Ganesan Rajagopal <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#299716: fixed in ipsec-tools 1:0.5-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 15 Mar 2005 23:32:10 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: ipsec-tools
Source-Version: 1:0.5-5
We believe that the bug you reported is fixed in the latest version of
ipsec-tools, which is due to be installed in the Debian FTP archive:
ipsec-tools_0.5-5.diff.gz
to pool/main/i/ipsec-tools/ipsec-tools_0.5-5.diff.gz
ipsec-tools_0.5-5.dsc
to pool/main/i/ipsec-tools/ipsec-tools_0.5-5.dsc
ipsec-tools_0.5-5_i386.deb
to pool/main/i/ipsec-tools/ipsec-tools_0.5-5_i386.deb
racoon_0.5-5_i386.deb
to pool/main/i/ipsec-tools/racoon_0.5-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ganesan Rajagopal <[EMAIL PROTECTED]> (supplier of updated ipsec-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 Mar 2005 09:31:30 +0530
Source: ipsec-tools
Binary: racoon ipsec-tools
Architecture: source i386
Version: 1:0.5-5
Distribution: unstable
Urgency: high
Maintainer: Ganesan Rajagopal <[EMAIL PROTECTED]>
Changed-By: Ganesan Rajagopal <[EMAIL PROTECTED]>
Description:
ipsec-tools - IPsec tools for Linux
racoon - IPsec IKE keying daemon
Closes: 297179 299716
Changes:
ipsec-tools (1:0.5-5) unstable; urgency=high
.
* Fix ISAKMP Header Parsing DoS bug (closes: #299716).
* Quote URL in README.Debian to avoid confusion (closes: #297179).
Files:
185d54e73bd8fe865f43d317c8d4ac9a 642 net extra ipsec-tools_0.5-5.dsc
3a6ca0f666eeb56705dcbe2e0e3e316c 41618 net extra ipsec-tools_0.5-5.diff.gz
0654d01e6a69cc1ef63b933aba4d2c89 78066 net extra ipsec-tools_0.5-5_i386.deb
0710d2388371a32c0e649d869d749b29 287680 net extra racoon_0.5-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCN7DRFeACul2MEuoRAs/rAJ0cV/RIMwduQ/7bMrORbza3NjqVmgCfW2ph
ls8g3YzLvofJteGSt7ctPzI=
=Odsr
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
