CVE-2009-1574

Publication date 6 May 2009

Last updated 24 July 2024

Ubuntu priority

racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
ipsec-tools	9.04 jaunty	Fixed 1:0.7-2.1ubuntu1.9.04.1
	8.10 intrepid	Fixed 1:0.7-2.1ubuntu1.8.10.1
	8.04 LTS hardy	Fixed 1:0.6.7-1.1ubuntu1.2
	6.06 LTS dapper	Fixed 1:0.6.5-4ubuntu1.3

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ipsec-tools	Upstream: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.4&r2=1.4.6.1&f=h

References

Related Ubuntu Security Notices (USN)

USN-785-1
ipsec-tools vulnerabilities
9 June 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-1574