Vulnerability Solutions

The WatchMouse Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview.

Category: Gentoo Local Security Checks
Risk factor: Medium
Added: 4 Dec 2008

The remote host is affected by the vulnerability described in GLSA-200812-03 (IPsec-Tools: racoon Denial of Service).


Two Denial of Service vulnerabilities have been reported in racoon. The vendor reported a memory leak in racoon/proposal.c that can be triggered via invalid proposals (CVE-2008-3651). Krzysztof Piotr Oledzki reported that src/racoon/handler.c does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely (CVE-2008-3652).

Impact

An attacker could exploit these vulnerabilities to cause a Denial of Service.

Workaround

There is no known workaround at this time.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652


Solution:
All IPsec-Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/ipsec-tools-0.7.1"

