USN-107-1: racoon vulnerability
Posted on: 04/05/2005 11:30 AM

A racoon security update is available for Ubuntu Linux 4.10

Ubuntu Security Notice USN-107-1 April 05, 2005
ipsec-tools vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 0.3.3-1ubuntu0.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Sebastian Krahmer discovered a Denial of Service vulnerability in the racoon daemon. By sending specially crafted ISAKMP packets, a remote attacker could trigger a buffer overflow which caused racoon to crash.

This update does not introduce any source code changes affecting the ipsec-tools package. It is necessary to update the version number of the package in order to support an update to the "racoon" package. Please note that racoon is not officially supported by Ubuntu (it is in the "universe" component of the archive).

Source archives:
Size/MD5: 191538 4cde6e53403236be32d6640b0c3e0482
Size/MD5: 705 022ba833374033ad5089ff1250dd0360
Size/MD5: 864122 b141da8ae299c8fdc53e536f6bbc3ad0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 106112 96d79a33ea9fca8a4e62b9be790ecc91
Size/MD5: 201304 800c93f6ea50b99b635364b8acb98d7b

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 101104 f36df353beb372625da1aaefd7f641e5
Size/MD5: 186172 d0213fee3f32816c0e83c227064891fc

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 108824 cc6193f450715b21e4c16b8bea002399
Size/MD5: 195936 4ab4dd044d8f31d17d8022bcd8539370

Printed from Linux Compatible (