oss-sec mailing list archives
Re: ipsec-tools 0.7.2
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 12 May 2009 16:18:42 +0200
On Wed, 29 Apr 2009 16:56:58 +0200 Tomas Hoger <thoger () redhat com> wrote:
* src/racoon/crypto_openssl.c: From Stephen Bevan: Fix a x509 signature verification memory leak. https://trac.ipsec-tools.net/ticket/303 http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h This leak occurs during user authentication using certificates. It's possible to reach it for unauthenticated users, though certificate itself is validated first, which mitigates this slightly. * src/racoon/nattraversal.c: Fix a memory leak in nat-t keepalive code. http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h This can occur during phase1 too, before authentication. Requires nat-t to be enabled / allowed, leaks two struct sockaddr.
I'm bit unsure about how to treat these form CVE point of view. These both happen during normal operation too. However, attacker can cause these leaks in some setups (ipsec server serving road warriors) without being able to authenticate successfully, so this bears some exploitation potential. Given the previous ipsec-tools CVE assignments (CVE-2008-3651/2), this may deserve CVE too. Thoughts? -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- ipsec-tools 0.7.2 Tomas Hoger (Apr 29)
- Re: ipsec-tools 0.7.2 Tomas Hoger (May 04)
- Re: ipsec-tools 0.7.2 Steven M. Christey (May 06)
- Re: ipsec-tools 0.7.2 Tomas Hoger (May 12)
- Re: ipsec-tools 0.7.2 Tomas Hoger (May 04)