Executive Summary

Informations
NameCVE-2008-3652First vendor Publication2008-08-12
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score7.8Attack RangeNetwork
Cvss Impact Score6.9Attack ComplexityLow
Cvss Expoit Score10AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3652

CWE : Common Weakness Enumeration

idName
CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10448
 
Oval ID: oval:org.mitre.oval:def:10448
Title: src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
Description: src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).
Family: unix Class: vulnerability
Reference(s): CVE-2008-3652
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Open Source Vulnerability Database (OSVDB)

idDescription
47460IPsec-Tools racoon src/racoon/handler.c Orphaned Phase 1 Handle Remote DoS

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
BIDhttp://www.securityfocus.com/bid/30657
CERThttp://www.us-cert.gov/cas/techalerts/TA09-133A.html
CONFIRMhttp://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3639
GENTOOhttp://security.gentoo.org/glsa/glsa-200812-03.xml
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:181
MLISThttp://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8...
REDHAThttp://www.redhat.com/support/errata/RHSA-2008-0849.html
SECTRACKhttp://www.securitytracker.com/id?1020692
SECUNIAhttp://secunia.com/advisories/31478
http://secunia.com/advisories/31624
http://secunia.com/advisories/32759
http://secunia.com/advisories/32971
http://secunia.com/advisories/35074
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
UBUNTUhttp://www.ubuntu.com/usn/usn-641-1
VUPENhttp://www.vupen.com/english/advisories/2008/2378
http://www.vupen.com/english/advisories/2008/2844
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1621
XFhttp://xforce.iss.net/xforce/xfdb/44424

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-11 00:23:35
  • Multiple Updates