Vulnerability CVE-2007-1841

Vulnerability Name:

CVE-2007-1841 (CCN-33541)

Assigned:

2007-04-06

Published:

2007-04-06

Updated:

2017-10-11

Summary:

The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2007-1841

Source: CCN
Type: RHSA-2007-0342
Moderate: ipsec-tools security update

Source: CCN
Type: SA24815
IPsec Tools "isakmp_inf.c" Denial of Service

Source: SECUNIA
Type: Vendor Advisory
24815

Source: SECUNIA
Type: UNKNOWN
24826

Source: SECUNIA
Type: UNKNOWN
24833

Source: SECUNIA
Type: UNKNOWN
25072

Source: SECUNIA
Type: UNKNOWN
25142

Source: SECUNIA
Type: UNKNOWN
25322

Source: SECUNIA
Type: UNKNOWN
25560

Source: GENTOO
Type: UNKNOWN
GLSA-200705-09

Source: CCN
Type: SECTRACK ID: 1018086
IPsec-Tools isakmp_info_recv() Function Lets Remote Users Deny Service

Source: MLIST
Type: Patch, Vendor Advisory
[Ipsec-tools-devel] 20070406 Ipsec-tools 0.6.7 released

Source: CCN
Type: SourceForge.net: Files
IPsec Tools - File Release Notes and Changelog - Release Name: 0.6.7

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?release_id=499192&group_id=74601

Source: DEBIAN
Type: UNKNOWN
DSA-1299

Source: DEBIAN
Type: DSA-1299
ipsec-tools -- missing input sanitising

Source: CCN
Type: GLSA-200705-09
IPsec-Tools: Denial of Service

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:084

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:008

Source: BID
Type: UNKNOWN
23394

Source: CCN
Type: BID-23394
IPSec-Tools Remote Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018086

Source: CCN
Type: USN-450-1
ipsec-tools vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-450-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-1310

Source: XF
Type: UNKNOWN
ipsectools-isakmpinforecv-dos(33541)

Source: XF
Type: UNKNOWN
ipsectools-isakmpinforecv-dos(33541)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10504

Source: REDHAT
Type: UNKNOWN
RHSA-2007:0342

Vulnerable Configuration:

Configuration 1:

cpe:/a:ipsec-tools:ipsec-tools:*:*:*:*:*:*:*:* (Version <= 0.6.2)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42327	P	Security update for ldb, samba (Important)	2022-07-29
oval:org.opensuse.security:def:20071841	V	CVE-2007-1841	2022-05-20
oval:org.opensuse.security:def:33114	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:31754	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:26188	P	Security update for gegl (Important)	2021-12-28
oval:org.opensuse.security:def:32227	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:31703	P	Security update for MozillaFirefox (Important)	2021-11-17
oval:org.opensuse.security:def:31700	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:31697	P	Security update for opensc (Important)	2021-10-29
oval:org.opensuse.security:def:32207	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:26149	P	Security update for iproute2 (Moderate)	2021-10-18
oval:org.opensuse.security:def:26148	P	Security update for javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags (Important)	2021-10-15
oval:org.opensuse.security:def:42126	P	Security update for the Linux Kernel (Important)	2021-10-12
oval:org.opensuse.security:def:31273	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:26126	P	Security update for Mesa (Moderate)	2021-09-16
oval:org.opensuse.security:def:32163	P	Security update for MozillaFirefox (Important)	2021-08-17
oval:org.opensuse.security:def:26100	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:31644	P	Security update for xterm (Important)	2021-06-18
oval:org.opensuse.security:def:26073	P	Security update for libjpeg-turbo (Moderate)	2021-06-11
oval:org.opensuse.security:def:31199	P	Security update for freeradius-server (Moderate)	2021-06-11
oval:org.opensuse.security:def:26072	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:36151	P	ipsec-tools-0.7.3-1.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36523	P	novell-ipsec-tools-0.7.1-2.29.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42558	P	ipsec-tools-0.7.3-1.4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:31188	P	Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31187	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:32102	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:31618	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:31629	P	Security update for libwebp (Critical)	2021-06-02
oval:org.opensuse.security:def:26047	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:26046	P	Security update for libxml2 (Moderate)	2021-05-05
oval:org.opensuse.security:def:31617	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:26042	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:32071	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:31605	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:31749	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:32283	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:26202	P	Security update for MozillaFirefox (Important)	2021-03-01
oval:org.opensuse.security:def:31344	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:33075	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:31252	P	Security update for openvswitch (Important)	2021-02-02
oval:org.opensuse.security:def:32141	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:26084	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:31641	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:25985	P	Security update for gimp (Moderate)	2020-12-29
oval:org.opensuse.security:def:32007	P	Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35566	P	ipsec-tools-0.7.3-1.1.93 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35719	P	ipsec-tools-0.7.3-1.1.93 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:41973	P	ipsec-tools-0.7.3-1.1.93 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35920	P	ipsec-tools-0.7.3-1.1.93 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25755	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:31997	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26432	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:26276	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25694	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31788	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26719	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25270	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25896	P	Security update for gstreamer-0_10-plugins-bad (Moderate)	2020-12-01
oval:org.opensuse.security:def:27114	P	ed on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26414	P	Security update for python-Django (Moderate)	2020-12-01
oval:org.opensuse.security:def:25796	P	Security update for util-linux (Moderate)	2020-12-01
oval:org.opensuse.security:def:31854	P	Security update for cracklib (Moderate)	2020-12-01
oval:org.opensuse.security:def:25282	P	Security update for tomcat (Important)	2020-12-01
oval:org.opensuse.security:def:31497	P	Security update for python-lxml	2020-12-01
oval:org.opensuse.security:def:25701	P	Security update for libexif (Moderate)	2020-12-01
oval:org.opensuse.security:def:31835	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26649	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25849	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:32531	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31034	P	Security update for jpeg (Low)	2020-12-01
oval:org.opensuse.security:def:25474	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:32845	P	cyrus-imapd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25776	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:31984	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26751	P	libltdl7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26531	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31046	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:25612	P	Security update for shim (Moderate)	2020-12-01
oval:org.opensuse.security:def:31853	P	Security update for coreutils (Important)	2020-12-01
oval:org.opensuse.security:def:26246	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:31388	P	Security update for openwsman (Important)	2020-12-01
oval:org.opensuse.security:def:26804	P	perl-HTML-Parser on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25118	P	Security update for lftp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25847	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31941	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:26919	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25470	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:31473	P	Security update for procmail	2020-12-01
oval:org.opensuse.security:def:32332	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:27486	P	libsoup-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25193	P	Security update for ed (Low)	2020-12-01
oval:org.opensuse.security:def:31401	P	Security update for perl-DBD-mysql (Moderate)	2020-12-01
oval:org.opensuse.security:def:25949	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25482	P	Security update for man (Moderate)	2020-12-01
oval:org.opensuse.security:def:26330	P	Security update for Mozilla Thunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:32393	P	Security update for tomcat6 (Important)	2020-12-01
oval:org.opensuse.security:def:25402	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:26002	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32684	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25674	P	Security update for the Linux Kernel (Moderate)	2020-12-01
oval:org.opensuse.security:def:31841	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:26418	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:25543	P	Security update for libgxps (Moderate)	2020-12-01
oval:org.opensuse.security:def:26684	P	dbus-1-glib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25812	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:32053	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:26476	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:26357	P	Security update for enigmail (Important)	2020-12-01
oval:org.opensuse.security:def:25747	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:31810	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25271	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31405	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:27149	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25700	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26498	P	Security update for nextcloud (Moderate)	2020-12-01
oval:org.opensuse.security:def:25835	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32492	P	boost-license on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25346	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:31554	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25712	P	Security update for python36 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31927	P	Security update for giflib (Moderate)	2020-12-01
oval:org.opensuse.security:def:26702	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25893	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:31035	P	Security update for jpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:25555	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31797	P	Recommended update for NetworkManager-kde4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32884	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31387	P	Security update for openvpn-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25904	P	Security update for gegl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26790	P	ofed on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26566	P	ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25117	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:31120	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:25696	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:31902	P	Security update for MozillaFirefox, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26884	P	dhcpcd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31399	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:26848	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25129	P	Security update for openssl-1_1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25900	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31963	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25471	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26277	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:32371	P	Security update for tcpdump (Moderate)	2020-12-01
oval:org.opensuse.security:def:27521	P	novell-ipsec-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25321	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31488	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25988	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:32645	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25546	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26379	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:32437	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25459	P	Security update for cups (Important)	2020-12-01
oval:org.mitre.oval:def:20440	P	DSA-1299-1 ipsec-tools	2014-06-23
oval:org.mitre.oval:def:21844	P	ELSA-2007:0342: ipsec-tools security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:10504	V	The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in Ipsec-tools before 0.6.7 allows remote attackers to cause a denial of service (tunnel crash) via crafted (1) DELETE (ISAKMP_NPTYPE_D) and (2) NOTIFY (ISAKMP_NPTYPE_N) messages.	2013-04-29
oval:org.debian:def:1299	V	missing input sanitising	2007-06-07
oval:com.redhat.rhsa:def:20070342	P	RHSA-2007:0342: ipsec-tools security update (Moderate)	2007-05-17

BACK