OracleVM 2.1 : ipsec-tools (OVMSA-2009-0010)

high Nessus Plugin ID 79457

Synopsis

The remote OracleVM host is missing a security update.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

CVE-2009-1574 racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.

CVE-2009-1632 Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c.

CVE-2008-3651 Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.

CVE-2008-3652 src/racoon/handler.c in racoon in ipsec-tools does not remove an 'orphaned ph1' (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

- fix nul dereference in frag code and some memory leaks (#497990)

- also do not destroy ports in ph2 (#231604)

- improved fix for cleanup of IPSEC SAs in SADB (#231604)

- fix cleanup of IPSEC SAs in SADB (#231604)

- fix segfault in timer (#378551)

- handle new interfaces immediately (#247301)

- eliminate debug logging overhead when log level is lower (#248567)

- use the adminsock_path as specified on the command line (#247294)

- link only necessary libraries (#458631)

- make racoon PIE executable (#210023)

- fix for DoS through various memory leaks (CVE-2008-3651 #456660, CVE-2008-3652 #458846)

- use the current kernel headers instead of the private copy (#446979)

- Resolves: rhbz#435803 - update pfkeyv2.h with new #defines

Solution

Update the affected ipsec-tools package.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2009-May/000025.html

Plugin Details

Severity: High

ID: 79457

File Name: oraclevm_OVMSA-2009-0010.nasl

Version: 1.12

Type: local

Published: 11/26/2014

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:oracle:vm_server:2.1, p-cpe:/a:oracle:vm:ipsec-tools

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/27/2009

Vulnerability Publication Date: 8/12/2008

Reference Information

CVE: CVE-2008-3651, CVE-2008-3652, CVE-2009-1574, CVE-2009-1632

BID: 30657, 34765

CWE: 200, 399