PT-2007-1024 · Unknown+1 · Ipsec-Tools+1

Published: 2007-04-10 · Updated: 2017-10-11 · CVE-2007-1841

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: ipsec-tools versions prior to 0.6.7
Description: The issue affects the ipsec-tools package and allows remote attackers to cause a denial of service, leading to disruption of protected information. It is triggered by crafted messages, specifically DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) messages, processed by the isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon.
Recommendations: For versions prior to 0.6.7, update to version 0.6.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the isakmp_info_recv function in src/racoon/isakmp_inf.c until a patch is available. Additionally, limiting the handling of DELETE (ISAKMP_NPTYPE_D) and NOTIFY (ISAKMP_NPTYPE_N) messages can help minimize the risk of exploitation.

Fix

Related Identifiers

BDU:2015-02831
BDU:2015-09571
CVE-2007-1841
DSA-1299-1
DTSA-42-1
RHSA-2007:0342
RHSA-2007_0342

Affected Products

Red Hat
Ipsec-Tools