PT-2009-1041 · Ipsec Tools+1 · Ipsec-Tools+1

Tomas Hoger · Published 2009-05-14 · Updated 2017-09-29 · CVE-2009-1632

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Ipsec-tools versions prior to 0.7.2

Description: The issue involves multiple memory leaks that can be exploited by remote attackers to cause a denial of service, specifically memory consumption. This can occur through vectors involving signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function, and the NAT-Traversal (aka NAT-T) keepalive implementation. The exploitation of these vulnerabilities can lead to a disruption in the availability of protected information and can be carried out remotely.

Recommendations: For versions prior to 0.7.2, update to version 0.7.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the NAT-Traversal (NAT-T) keepalive implementation and the eay_check_x509sign function until a patch is available. Avoid using X.509 certificates for user authentication until the issue is resolved.

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2015-06102
BDU:2015-08517
BDU:2015-09393
CVE-2009-1632
DSA-1804-1
RHSA-2009:1036
RHSA-2009_1036

Affected Products

Ipsec-Tools
Red Hat