USN-221-1: racoon vulnerability
Posted on: 12/01/2005 01:52 PM

A new racoon vulnerability update is available for Ubuntu Linux. Here is the announcement:

Ubuntu Security Notice USN-221-1 December 01, 2005
ipsec-tools vulnerability
CVE-2005-3732
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

racoon

The problem can be corrected by upgrading the affected package to
version 0.3.3-1ubuntu0.2 (for Ubuntu 4.10), 1:0.5-5ubuntu0.1 (for
Ubuntu 5.04), or 1:0.6-1ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

The Oulu University Secure Programming Group discovered a remote
Denial of Service vulnerability in the racoon daemon. When the daemon
was configured to use aggressive mode, it did not check whether
the peer sent all required payloads during the IKE negotiation phase.
A malicious IPsec peer could exploit this to crash the racoon daemon.
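
The kind of check the paragraph above says was missing, as an added example (it is not racoon's code or the Ubuntu patch): walk the ISAKMP payload chain with bounds checks and reject a first aggressive-mode message unless SA, KE, Nonce and ID are all present. The header layout and payload type numbers are from RFC 2408/2409; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration with hypothetical names; not racoon's code.
 * ISAKMP constants from RFC 2408 / RFC 2409. */
enum { ISAKMP_HDR_LEN = 28, GEN_HDR_LEN = 4, EXCH_AGGRESSIVE = 4 };
enum { PL_NONE = 0, PL_SA = 1, PL_KE = 4, PL_ID = 5, PL_NONCE = 10 };

#define BIT(t) (1u << (t))
/* First aggressive-mode message per RFC 2409: HDR, SA, KE, Ni, IDii. */
#define AGGR_MSG1_REQUIRED (BIT(PL_SA) | BIT(PL_KE) | BIT(PL_NONCE) | BIT(PL_ID))

/* Walk the payload chain with bounds checks and record which payload
 * types are present. Returns 0 on success, -1 on a malformed packet. */
static int collect_payloads(const uint8_t *pkt, size_t len, uint32_t *seen)
{
    if (len < ISAKMP_HDR_LEN)
        return -1;
    uint8_t next = pkt[16];            /* "next payload" field of the header */
    size_t off = ISAKMP_HDR_LEN;
    *seen = 0;
    while (next != PL_NONE) {
        if (len - off < GEN_HDR_LEN)
            return -1;                 /* truncated generic payload header */
        size_t plen = ((size_t)pkt[off + 2] << 8) | pkt[off + 3];
        if (plen < GEN_HDR_LEN || plen > len - off)
            return -1;                 /* length field exceeds the packet */
        if (next < 32)
            *seen |= BIT(next);        /* type of the payload at 'off' */
        next = pkt[off];               /* type of the following payload */
        off += plen;
    }
    return 0;
}

/* Returns 1 only if the packet is a well-formed aggressive-mode message
 * carrying every required payload. The caller rejects the packet otherwise
 * and must not touch per-payload pointers before this check passes. */
int aggressive_msg1_ok(const uint8_t *pkt, size_t len)
{
    uint32_t seen;
    if (collect_payloads(pkt, len, &seen) != 0)
        return 0;
    if (pkt[18] != EXCH_AGGRESSIVE)    /* exchange type field of the header */
        return 0;
    return (seen & AGGR_MSG1_REQUIRED) == AGGR_MSG1_REQUIRED;
}
```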

Please be aware that racoon is not officially supported by Ubuntu; the
package is in the 'universe' component of the archive.

Updated packages for Ubuntu 4.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2.diff.gz
Size/MD5: 191462 3f68d0eb625f920ef3ab5e4e1a2b942f
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2.dsc
Size/MD5: 705 8c92ea1c2b68e7e335892c10020bafc2
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3.orig.tar.gz
Size/MD5: 864122 b141da8ae299c8fdc53e536f6bbc3ad0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2_amd64.deb
Size/MD5: 106260 491ea714d329c5b0d6b8283c7579140f
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.2_amd64.deb
Size/MD5: 201510 7c3c1d31969a6924bfe0afbf6f56b468

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2_i386.deb
Size/MD5: 101224 5e35a5bfca069cf88d0d349ad86b3cf8
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.2_i386.deb
Size/MD5: 186400 0627a043d0f0ad1e05830d57c35666f2

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2_powerpc.deb
Size/MD5: 108966 67f208c020df5f1194ab71a0569004f2
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.2_powerpc.deb
Size/MD5: 196078 2acd7c40b8a56db688fc8ac8484272da

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1.diff.gz
Size/MD5: 41200 47ee31ab5776589dd049a90f0437865b
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1.dsc
Size/MD5: 660 cad8e0faad2316aa0a65e28880548f58
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5.orig.tar.gz
Size/MD5: 883484 57de611b23eb141173698478e9b64474

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1_amd64.deb
Size/MD5: 80430 47b366f44e0c8fb49ea43500161a6419
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.5-5ubuntu0.1_amd64.deb
Size/MD5: 301450 9fd3f818fc41641ed0e691f69b23c441

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1_i386.deb
Size/MD5: 75606 390fe7eb94e2e519bef1a0df6b6d46b5
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.5-5ubuntu0.1_i386.deb
Size/MD5: 276974 baef582ea75ecaf240298d2917b79fac

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1_powerpc.deb
Size/MD5: 83030 7880cae89438386a5b9f676760eff1be
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.5-5ubuntu0.1_powerpc.deb
Size/MD5: 296838 f417446dce53652608242e1798663622

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1.diff.gz
Size/MD5: 49677 79084ce144e4b54267f69876d8104387
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1.dsc
Size/MD5: 685 c22deb12d9a0943e3a66aad1a83c3857
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.orig.tar.gz
Size/MD5: 905983 2cd85d36012b4d2c6947f7c17ad45b3e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1_amd64.deb
Size/MD5: 85086 e894b1b0168138fdb46d0c55095252bf
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.6-1ubuntu1.1_amd64.deb
Size/MD5: 326258 1e7da4aa300a082cdf8034639de4f0a0

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1_i386.deb
Size/MD5: 78912 b46dd5373458dd5500b2513edc6ceec8
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.6-1ubuntu1.1_i386.deb
Size/MD5: 298016 5df2e64e0ac064876aa21d29c086f902

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1_powerpc.deb
Size/MD5: 86902 c7c905f335db1bae382af11fe659d335
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.6-1ubuntu1.1_powerpc.deb
Size/MD5: 319518 1a7abc7fd9645d47d045f63d9f980528


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_221_1_racoon_vulnerability.html)