Vulnerability CVE-2009-1574

Vulnerability Name:

CVE-2009-1574 (CCN-50412)

Assigned:

2009-04-22

Published:

2009-04-22

Updated:

2017-09-29

Summary:

racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (REDHAT CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-Other
CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2009-1574

Source: CCN
Type: IPsec-Tools Web page
IPsec-Tools

Source: CONFIRM
Type: UNKNOWN
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-11-09-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2010-12-16-1

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:012

Source: CCN
Type: RHSA-2009-1036
Important: ipsec-tools security update

Source: SECUNIA
Type: UNKNOWN
35113

Source: SECUNIA
Type: UNKNOWN
35153

Source: SECUNIA
Type: UNKNOWN
35159

Source: SECUNIA
Type: UNKNOWN
35212

Source: SECUNIA
Type: UNKNOWN
35404

Source: SECUNIA
Type: UNKNOWN
35685

Source: GENTOO
Type: UNKNOWN
GLSA-200905-03

Source: CCN
Type: SourceForge.net: Files
IPsec Tools, File Release Notes and Changelog, Release Name: 0.7.2

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611

Source: CCN
Type: Apple Web site
About Security Update 2009-006 / Mac OS X v10.6.2

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3937

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT4298

Source: CCN
Type: ASA-2009-181
ipsec-tools security update (RHSA-2009-1036)

Source: DEBIAN
Type: UNKNOWN
DSA-1804

Source: DEBIAN
Type: DSA-1804
ipsec-tools -- null pointer dereference

Source: CCN
Type: GLSA-200905-03
IPSec Tools: Denial of Service

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:112

Source: CCN
Type: oss-security Mailing List, Wed, 29 Apr 2009 16:56:58 +0200
ipsec-tools 0.7.2

Source: MLIST
Type: Patch
[oss-security] 20090429 ipsec-tools 0.7.2

Source: MLIST
Type: Patch
[oss-security] 20090504 Re: ipsec-tools 0.7.2

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1036

Source: BID
Type: UNKNOWN
34765

Source: CCN
Type: BID-34765
IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities

Source: CCN
Type: USN-785-1
ipsec-tools vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-785-1

Source: VUPEN
Type: UNKNOWN
ADV-2009-3184

Source: CONFIRM
Type: Exploit, Patch
https://bugzilla.redhat.com/show_bug.cgi?id=497990

Source: XF
Type: UNKNOWN
ipsectools-isakmpfrag-dos(50412)

Source: XF
Type: UNKNOWN
ipsectools-isakmpfrag-dos(50412)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9624

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-4291

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-4298

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-4394

Source: SUSE
Type: SUSE-SR:2009:012
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:ipsec-tools:ipsec-tools:0.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc1:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc2:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc3:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc4:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc5:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.4:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.4:rc1:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.5:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.4:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.5:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.6:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.7:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:*:*:*:*:*:*:*:* (Version <= 0.7.1)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ipsec-tools:ipsec-tools:0.7:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.4:rc1:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.5:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.4:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.2:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.3:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.4:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.5:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.6.6:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc2:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc3:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc1:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc5:*:*:*:*:*:*

OR cpe:/a:ipsec-tools:ipsec-tools:0.3:rc4:*:*:*:*:*:*

OR cpe:/h:apple:airport_extreme:7.5:*:*:*:*:*:*:*

OR cpe:/h:apple:time_capsule:7.5:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.6:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20091574	V	CVE-2009-1574	2022-05-20
oval:org.opensuse.security:def:32177	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:29405	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:29369	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:32270	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:28294	P	Recommended update for ncurses (Important)	2020-12-01
oval:org.opensuse.security:def:31969	P	Security update for ipsec-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:32714	P	libgtop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28530	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:27948	P	Security update for GraphicsMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32780	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28632	P	Security update for a2ps	2020-12-01
oval:org.opensuse.security:def:32327	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:28023	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:33457	P	Security update for ipsec-tools	2020-12-01
oval:org.opensuse.security:def:28687	P	Security update for flash-player (Moderate)	2020-12-01
oval:org.opensuse.security:def:32570	P	libtiff3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28237	P	Security update for LibVNCServer (Moderate)	2020-12-01
oval:org.opensuse.security:def:31958	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32675	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28378	P	Security update for quagga (Important)	2020-12-01
oval:org.opensuse.security:def:32043	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:27947	P	Security update for GraphicsMagick (Low)	2020-12-01
oval:org.opensuse.security:def:32736	P	libvirt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28583	P	Security update for libtiff	2020-12-01
oval:org.opensuse.security:def:27959	P	Security update for ImageMagick (Important)	2020-12-01
oval:org.opensuse.security:def:33418	P	Security update for NetworkManager	2020-12-01
oval:org.opensuse.security:def:28671	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:32414	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:28153	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31957	P	Security update for gdk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28731	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32626	P	OpenEXR on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:28495	P	RHSA-2009:1036 -- ipsec-tools security update (Important)	2015-08-17
oval:org.mitre.oval:def:13740	P	DSA-1804-1 ipsec-tools -- null pointer dereference, memory leaks	2015-02-23
oval:org.mitre.oval:def:8051	P	DSA-1804 ipsec-tools -- null pointer dereference, memory leaks	2015-02-23
oval:org.mitre.oval:def:13880	P	USN-785-1 -- ipsec-tools vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22832	P	ELSA-2009:1036: ipsec-tools security update (Important)	2014-05-26
oval:org.mitre.oval:def:9624	V	racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.	2013-04-29
oval:org.debian:def:1804	V	null pointer dereference, memory leaks	2009-05-20
oval:com.redhat.rhsa:def:20091036	P	RHSA-2009:1036: ipsec-tools security update (Important)	2009-05-18

BACK