Issued:: 2005-03-23
Updated:: 2005-03-23

RHSA-2005:232 - Security Advisory

Overview
Updated Packages

Synopsis

ipsec-tools security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An updated ipsec-tools package that fixes a bug in parsing of ISAKMP headers
is now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The ipsec-tools package is used in conjunction with the IPsec functionality
in the linux kernel. The ipsec-tools package includes:

setkey, a program to directly manipulate policies and SAs
racoon, an IKEv1 keying daemon

A bug was found in the way the racoon daemon handled incoming ISAKMP
requests. It is possible that an attacker could crash the racoon daemon by
sending a specially crafted ISAKMP packet. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0398 to
this issue.

Additionally, the following issues have been fixed:

racoon mishandled restarts in the presence of stale administration sockets.
on Red Hat Enterprise Linux 4, racoon and setkey did not properly set up

forward policies, which prevented tunnels from working.

Users of ipsec-tools should upgrade to this updated package, which contains
backported patches, and is not vulnerable to these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 ia64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 ia64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems 3 s390x
Red Hat Enterprise Linux for IBM z Systems 3 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

BZ - 145531 - CAN-2005-0398 racoon DoS
BZ - 145535 - CAN-2005-0398 racoon DoS
BZ - 148950 - racoon unable to start with stale socket /tmp/.racoon
BZ - 150179 - ipsec/racoon/setkey does not properly forward packets to vpn peer

CVEs

CVE-2005-0398

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
ipsec-tools-0.3.3-6.src.rpm	SHA-256: 8dbad992dcc6018c30ed8791c7692d53da109ff1f06745ac1f16bc6e7f976e16
x86_64
ipsec-tools-0.3.3-6.x86_64.rpm	SHA-256: 83641c85c921c08612c159038e5b0e02cd8dd99502406e91a68a71e6f47037bd
ipsec-tools-0.3.3-6.x86_64.rpm	SHA-256: 83641c85c921c08612c159038e5b0e02cd8dd99502406e91a68a71e6f47037bd
ia64
ipsec-tools-0.3.3-6.ia64.rpm	SHA-256: 36cd2f14c4aa8dd5509d988754cff4e989d0bc1a9ba6b5ff1ade7d8fff6b406e
ipsec-tools-0.3.3-6.ia64.rpm	SHA-256: 36cd2f14c4aa8dd5509d988754cff4e989d0bc1a9ba6b5ff1ade7d8fff6b406e
i386
ipsec-tools-0.3.3-6.i386.rpm	SHA-256: 60fcab0bdb8246405e4b01e25c481aac04d35d669c43e21419222568740433df
ipsec-tools-0.3.3-6.i386.rpm	SHA-256: 60fcab0bdb8246405e4b01e25c481aac04d35d669c43e21419222568740433df

Red Hat Enterprise Linux Server 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 4

SRPM
ipsec-tools-0.3.3-6.src.rpm	SHA-256: 8dbad992dcc6018c30ed8791c7692d53da109ff1f06745ac1f16bc6e7f976e16
x86_64
ipsec-tools-0.3.3-6.x86_64.rpm	SHA-256: 83641c85c921c08612c159038e5b0e02cd8dd99502406e91a68a71e6f47037bd
ia64
ipsec-tools-0.3.3-6.ia64.rpm	SHA-256: 36cd2f14c4aa8dd5509d988754cff4e989d0bc1a9ba6b5ff1ade7d8fff6b406e
i386
ipsec-tools-0.3.3-6.i386.rpm	SHA-256: 60fcab0bdb8246405e4b01e25c481aac04d35d669c43e21419222568740433df

Red Hat Enterprise Linux Workstation 3

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Desktop 4

SRPM
ipsec-tools-0.3.3-6.src.rpm	SHA-256: 8dbad992dcc6018c30ed8791c7692d53da109ff1f06745ac1f16bc6e7f976e16
x86_64
ipsec-tools-0.3.3-6.x86_64.rpm	SHA-256: 83641c85c921c08612c159038e5b0e02cd8dd99502406e91a68a71e6f47037bd
i386
ipsec-tools-0.3.3-6.i386.rpm	SHA-256: 60fcab0bdb8246405e4b01e25c481aac04d35d669c43e21419222568740433df

Red Hat Enterprise Linux Desktop 3

SRPM
x86_64
i386

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
ipsec-tools-0.3.3-6.src.rpm	SHA-256: 8dbad992dcc6018c30ed8791c7692d53da109ff1f06745ac1f16bc6e7f976e16
s390x
ipsec-tools-0.3.3-6.s390x.rpm	SHA-256: c36d4db3242c336e8ea097ebe00a44d10f19913f4eeb6515035546f9aafedbe5
s390
ipsec-tools-0.3.3-6.s390.rpm	SHA-256: 7e07c4c56856e70b8400a04763a4e01d9c4e272e76850077105c0b2f578e0b41

Red Hat Enterprise Linux for IBM z Systems 3

SRPM
s390x
s390

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ipsec-tools-0.3.3-6.src.rpm	SHA-256: 8dbad992dcc6018c30ed8791c7692d53da109ff1f06745ac1f16bc6e7f976e16
ppc
ipsec-tools-0.3.3-6.ppc.rpm	SHA-256: df8c6992e483f722622296c0df9fbeea1777b8a3a857a942e9bdd2d9439cb1c0

Red Hat Enterprise Linux for Power, big endian 3

SRPM
ppc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation