USN-785-1: ipsec-tools vulnerabilities  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-785-1 June 09, 2009
ipsec-tools vulnerabilities
CVE-2009-1574, CVE-2009-1632
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
racoon 1:0.6.5-4ubuntu1.3

Ubuntu 8.04 LTS:
racoon 1:0.6.7-1.1ubuntu1.2

Ubuntu 8.10:
racoon 1:0.7-2.1ubuntu1.8.10.1

Ubuntu 9.04:
racoon 1:0.7-2.1ubuntu1.9.04.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that ipsec-tools did not properly handle certain
fragmented packets. A remote attacker could send specially crafted packets
to the server and cause a denial of service. (CVE-2009-1574)

It was discovered that ipsec-tools did not properly handle memory usage
when verifying certificate signatures or processing nat-traversal
keep-alive messages. A remote attacker could send specially crafted packets
to the server and exhaust available memory, leading to a denial of service.
(CVE-2009-1632)


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.5-4ubuntu1.3.diff.gz
Size/MD5: 47090 280779d90a0f7536848a1cca73341b6a
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.5-4ubuntu1.3.dsc
Size/MD5: 712 a90d9dc61b0362e9793b7435f1096d95
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.5.orig.tar.gz
Size/MD5: 914466 168076243c023782d3fb44a583d4a32c

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.5-4ubuntu1.3_amd64.deb
Size/MD5: 89736 7a2f7d0e70937725f75e068ef591851b
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.3_amd64.deb
Size/MD5: 342898 47ac3ab37b8caff5aaf0d5906accb137

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.5-4ubuntu1.3_i386.deb
Size/MD5: 83186 607346303887d171e1f1a5159a9f9b39
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.3_i386.deb
Size/MD5: 311706 e584431a2e9b19db6341f56ca6d76045

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.5-4ubuntu1.3_powerpc.deb
Size/MD5: 91466 23d1170819d6c448a6200c5c810db09a
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.3_powerpc.deb
Size/MD5: 337228 932e5ea5fff47d58236f3880c16ab659

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.5-4ubuntu1.3_sparc.deb
Size/MD5: 86964 c7a8222b8615062a9100160809d13969
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.3_sparc.deb
Size/MD5: 317156 a7c21275f89d272693126d169b2a2f53

Updated packages for Ubuntu 8.04 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.7-1.1ubuntu1.2.diff.gz
Size/MD5: 262804 bb0fae5ca464467e3f5d4003dd0ae245
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.7-1.1ubuntu1.2.dsc
Size/MD5: 827 6f9552f869c9f1650dfbe61a9ec16b47
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.7.orig.tar.gz
Size/MD5: 933322 e9f38f6f12124b9c19da684c87db9fcf

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.7-1.1ubuntu1.2_amd64.deb
Size/MD5: 92200 556fdcda0401bb3f72b1cc03ca2174cf
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.7-=
1.1ubuntu1.2_amd64.deb
Size/MD5: 349432 f9f1e5ce0c9d3325a1f99225c76e0514

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.6.7-1.1ubuntu1.2_i386.deb
Size/MD5: 86780 be31f853e4981446c1e68a0c1c661c93
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.7-=
1.1ubuntu1.2_i386.deb
Size/MD5: 324470 a4725aef39e6d193139635f16f0b0daf

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ub=
untu1.2_lpia.deb
Size/MD5: 87084 439fd07c48a7e7fca2cfd2f827172549
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1=
.2_lpia.deb
Size/MD5: 324632 05f4d7ef0fdad87891daf800a10141d9

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ub=
untu1.2_powerpc.deb
Size/MD5: 96288 1b0910c9f460a559598c442152c5c66e
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1=
.2_powerpc.deb
Size/MD5: 351160 1996b4ddd1da36bcb19369d0bf187ff5

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ub=
untu1.2_sparc.deb
Size/MD5: 91360 ca4f1b8bdb1a158a05de15d463029ae3
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1=
.2_sparc.deb
Size/MD5: 325708 909074d26813426f4a817e344a1a347e

Updated packages for Ubuntu 8.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.8.10.1.diff.gz
Size/MD5: 66463 b3e1ed6684086f492e5e88dd47911e2c
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.8.10.1.dsc
Size/MD5: 1239 22bfe8fa650c999af53f3066d1ffeabd
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7.orig.tar.gz
Size/MD5: 856242 1234d84ed02ca71eb01140ff96b81466

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.8.10.1_amd64.deb
Size/MD5: 103410 00e5e7c1dcd5bb25ba940619258cde82
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.7-2.=
1ubuntu1.8.10.1_amd64.deb
Size/MD5: 391092 947cff4ccead6d349f1bdb19232c886d

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.8.10.1_i386.deb
Size/MD5: 97706 bc615236c0a5f7aec7500b9db5ce3f85
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.7-2.=
1ubuntu1.8.10.1_i386.deb
Size/MD5: 364104 0a42533bf0df3b125113e355460a8232

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.7-2.1ubun=
tu1.8.10.1_lpia.deb
Size/MD5: 97872 8cd16a8c856b1c93396a2c6a1da91905
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.7-2.1ubuntu1.8=
.10.1_lpia.deb
Size/MD5: 362796 6471414a83e1078456b8931d123ae922

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.7-2.1ubun=
tu1.8.10.1_powerpc.deb
Size/MD5: 107654 781298571d8b7ef05b8bd3dcff5aca42
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.7-2.1ubuntu1.8=
.10.1_powerpc.deb
Size/MD5: 387528 34371c933ef8c53779eb1d1bed08b47b

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.7-2.1ubun=
tu1.8.10.1_sparc.deb
Size/MD5: 102058 b1bf8799d9fb4576b9d4395b30c67fc4
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.7-2.1ubuntu1.8=
.10.1_sparc.deb
Size/MD5: 363148 b41da262b7728474315c5f4321100444

Updated packages for Ubuntu 9.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.9.04.1.diff.gz
Size/MD5: 66469 b63e878ed9f3e78dfcf8642f87e7e4fd
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.9.04.1.dsc
Size/MD5: 1239 b647364b24f844124eb0739c328169ea
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7.orig.tar.gz
Size/MD5: 856242 1234d84ed02ca71eb01140ff96b81466

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.9.04.1_amd64.deb
Size/MD5: 103394 318c7bfdcd01734461b2b7bb17d33a7c
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.7-2.=
1ubuntu1.9.04.1_amd64.deb
Size/MD5: 391008 294fa1d0c0d5926793e0abb00220928f

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
.7-2.1ubuntu1.9.04.1_i386.deb
Size/MD5: 97736 7b66eed93ec5efce3da76a983a56329c
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.7-2.=
1ubuntu1.9.04.1_i386.deb
Size/MD5: 363980 65d55da7dbd181daf60a15631eac6404

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.7-2.1ubun=
tu1.9.04.1_lpia.deb
Size/MD5: 97882 7cfc1df5732de7d3270adaf527c492f3
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.7-2.1ubuntu1.9=
.04.1_lpia.deb
Size/MD5: 362768 db27dd703945342fc35f34f1be604680

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.7-2.1ubun=
tu1.9.04.1_powerpc.deb
Size/MD5: 107644 150591d53fe9c2f590ba437d4225bd9a
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.7-2.1ubuntu1.9=
.04.1_powerpc.deb
Size/MD5: 387744 cf9a66e7a81d5d05208ce64616b46e77

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.7-2.1ubun=
tu1.9.04.1_sparc.deb
Size/MD5: 101946 ae8681001d73afa9c03bd024831d4de6
http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.7-2.1ubuntu1.9=
.04.1_sparc.deb
Size/MD5: 363090 690b8c5da3f67e94783608f8352c1520



--=-i8Ge6HWx3/BkmkGO6gem
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkouqYgACgkQLMAs/0C4zNo2qwCgrp/BPjYRMxoEfylo4BIrXU4C
AZoAnRtTmu1mn91YuDsPjEYejpqMwChL
=ARRO
-----END PGP SIGNATURE-----
"

This entry was posted on 8:55 PM .