Debian Security Advisory
DLA-234-1 ipsec-tools -- LTS security update
- Date Reported:
- 30 May 2015
- Affected Packages:
- ipsec-tools
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 785778.
In Mitre's CVE dictionary: CVE-2015-4047. - More information:
-
Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause the IKE daemon to crash via specially crafted UDP packets, resulting in a denial of service.