The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-641-1] Racoon vulnerabilities


<< Previous INDEX Search src / Print Next >>
Date: Mon, 8 Sep 2008 17:31:49 -0700
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-641-1] Racoon vulnerabilities
Message-ID: <20080909003149.GJ26657@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="J/dobhs11T7y2rNN"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.316 $
X-HELO: www.outflux.net
X-Scanned-By: MIMEDefang 2.57 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru


--J/dobhs11T7y2rNN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-641-1         September 09, 2008
ipsec-tools vulnerabilities
CVE-2008-3651, CVE-2008-3652
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  racoon                          1:0.6.5-4ubuntu1.2

Ubuntu 7.04:
  racoon                          1:0.6.6-3ubuntu3.1

Ubuntu 7.10:
  racoon                          1:0.6.6-3.1ubuntu3.1

Ubuntu 8.04 LTS:
  racoon                          1:0.6.7-1.1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that there were multiple ways to leak memory during
the IKE negotiation when handling certain packets.  If a remote attacker
sent repeated malicious requests, the "racoon" key exchange server could
allocate large amounts of memory, possibly leading to a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.5-4ubuntu1.2.diff.gz
      Size/MD5:    47976 6638ae6b7edc7671f77af5b93763de0d
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.5-4ubuntu1.2.dsc
      Size/MD5:      750 7d87380c510f48a35da9333fbfaf6629
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.5.orig.tar.gz
      Size/MD5:   914466 168076243c023782d3fb44a583d4a32c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.5-4ubuntu1.2_amd64.deb
      Size/MD5:    89430 2750ab4633d8ae447bed5aa7971aba48
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.2_amd64.deb
      Size/MD5:   342540 912a807165c43ce90d3c60cc211ec94b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.5-4ubuntu1.2_i386.deb
      Size/MD5:    82876 5958ed679926590d81b53ecf8c651331
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.2_i386.deb
      Size/MD5:   311398 ef1a597a39f3ee88292364b037452395

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.5-4ubuntu1.2_powerpc.deb
      Size/MD5:    91124 e140993179e7d7187574bf971d6773f5
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.2_powerpc.deb
      Size/MD5:   336876 9bfa3bb9da23913f4ca6161a0acc602f

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.5-4ubuntu1.2_sparc.deb
      Size/MD5:    86632 210608ca3d4990fb54566f6d4b3942c8
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.5-=
4ubuntu1.2_sparc.deb
      Size/MD5:   316756 ad7f2ccefd4f35cb8aaf5980e53a9499

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3ubuntu3.1.diff.gz
      Size/MD5:    51311 51c0a08c38483a47bd3b2d8a73e1287f
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3ubuntu3.1.dsc
      Size/MD5:      848 50817196a867ed407f0c67f928bc2260
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6.orig.tar.gz
      Size/MD5:   914807 643a238e17148d242c603c511e28d029

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3ubuntu3.1_amd64.deb
      Size/MD5:    91284 1780bae1fe5fdb3b907c39a876a2c419
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3ubuntu3.1_amd64.deb
      Size/MD5:   345490 cb1610211a35a5a4f8d27b962e67830b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3ubuntu3.1_i386.deb
      Size/MD5:    85700 eb95ead40564cd0965a6c256cc29cda4
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3ubuntu3.1_i386.deb
      Size/MD5:   321292 338faec788865311b18ffe8aa9424ae5

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3ubuntu3.1_powerpc.deb
      Size/MD5:    95646 0b6ce9437e4255922de2ed241730aa73
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3ubuntu3.1_powerpc.deb
      Size/MD5:   347712 b7eadf3051881ee5d184aa93e0bc7f8e

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3ubuntu3.1_sparc.deb
      Size/MD5:    89750 e47a17747bf516f28ba30b71ab762df4
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3ubuntu3.1_sparc.deb
      Size/MD5:   323440 617461a267909d50f6d0994b03f55688

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3.1ubuntu3.1.diff.gz
      Size/MD5:    54744 118e0b2e21e6fd42e7b153212f9d7847
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3.1ubuntu3.1.dsc
      Size/MD5:      852 754c5e79157f7161d03323206c402c90
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6.orig.tar.gz
      Size/MD5:   914807 643a238e17148d242c603c511e28d029

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3.1ubuntu3.1_amd64.deb
      Size/MD5:    91780 cdeda0b4689c7051074ccfbf7757ca5b
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3.1ubuntu3.1_amd64.deb
      Size/MD5:   348172 07a71cb07b5edc9e805c716b6bdc7374

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3.1ubuntu3.1_i386.deb
      Size/MD5:    86050 2224517ec375bdf2d55ddeea1afcd8bb
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3.1ubuntu3.1_i386.deb
      Size/MD5:   323010 919ef460216ef536459dd21b50483b07

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.6-3.1ub=
untu3.1_lpia.deb
      Size/MD5:    86698 cf26821405e282cd0c158bef83ba75ca
    http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.6-3.1ubuntu3=
=2E1_lpia.deb
      Size/MD5:   323408 878b1d8f4c31dd4139e4ea14e4b9fefc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3.1ubuntu3.1_powerpc.deb
      Size/MD5:    96036 037e835bb80cb35c792dce96168e502f
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3.1ubuntu3.1_powerpc.deb
      Size/MD5:   349582 3d53de0ac8a3fcf27c8a28234c363099

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.6-3.1ubuntu3.1_sparc.deb
      Size/MD5:    90208 7e6ae9b61a59731e5edf759da59b6443
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.6-=
3.1ubuntu3.1_sparc.deb
      Size/MD5:   325398 ed029d3727b0abb6dfc5718661d3179f

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.7-1.1ubuntu1.1.diff.gz
      Size/MD5:   263295 c9592c8529b56ee3d6b40a1e3745b4c2
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.7-1.1ubuntu1.1.dsc
      Size/MD5:      865 e7183e67f50caf1a396570bf7a4f1e89
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.7.orig.tar.gz
      Size/MD5:   933322 e9f38f6f12124b9c19da684c87db9fcf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.7-1.1ubuntu1.1_amd64.deb
      Size/MD5:    91902 412eee43832542bdb31e47a8eec55a4b
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.7-=
1.1ubuntu1.1_amd64.deb
      Size/MD5:   349030 bc73017cf4999c7e5f26218ef2e1e8a5

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0=
=2E6.7-1.1ubuntu1.1_i386.deb
      Size/MD5:    86470 3496a2a6e102a029364642c5a02d49ea
    http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/racoon_0.6.7-=
1.1ubuntu1.1_i386.deb
      Size/MD5:   324144 456c9da0a86535481406445d7e0a3e18

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ub=
untu1.1_lpia.deb
      Size/MD5:    86776 eafd43eda682ca7a99c3dcff763ea430
    http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1=
=2E1_lpia.deb
      Size/MD5:   324314 9349d9ecfb37919ac5caf4f841215a63

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ub=
untu1.1_powerpc.deb
      Size/MD5:    96006 d4195e7f700808a98fb4f79c9e3fd0a9
    http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1=
=2E1_powerpc.deb
      Size/MD5:   350830 eaa04a1b7456ec1ddf95c133aee9e2c8

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/ipsec-tools/ipsec-tools_0.6.7-1.1ub=
untu1.1_sparc.deb
      Size/MD5:    91072 f917354fcfa265bf5c008edea716e0ce
    http://ports.ubuntu.com/pool/main/i/ipsec-tools/racoon_0.6.7-1.1ubuntu1=
=2E1_sparc.deb
      Size/MD5:   325378 4940622cdeaf063c76b9e090987d5e89


--J/dobhs11T7y2rNN
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook <kees@outflux.net.>

iEYEARECAAYFAkjFw/UACgkQH/9LqRcGPm3O6wCgmvf7iNLBeKG8AhUdNSxl7wE3
mwAAn1sVpLF0lP1vh6E7Dn9tm8dqf1F1
=8bEd
-----END PGP SIGNATURE-----

--J/dobhs11T7y2rNN--


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру