Ipsec Tools · Ipsec-Tools · CVE-2009-1574
**Name of the Vulnerable Software and Affected Versions**
ipsec-tools versions 0.6.5 through 0.7.1
ipsec-tools version 0.7.2 is not affected, but all versions prior to 0.7.2 are vulnerable.
**Description**
The ipsec-tools package contains multiple vulnerabilities that can disrupt the availability of protected information, and they can be exploited remotely. Specifically, in ipsec-tools before version 0.7.2, remote attackers can cause a denial of service (crash) via crafted fragmented packets without a payload, which trigger a NULL pointer dereference in racoon/isakmp_frag.c.
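The kind of length check that stops a payload-less fragment from reaching a dereference, as an added example that is not ipsec-tools code. The 4-byte header layout, `frag_extract` and `struct frag_item` are assumptions made for illustration, not racoon's wire format or API.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical simplified layout (an assumption, not racoon's wire format):
 * bytes 0-1 big-endian length of header + data, byte 2 index, byte 3 flags. */
#define FRAG_HDR_LEN 4u

struct frag_item {
    uint8_t  index;
    uint8_t  last;   /* 1 if this is the final fragment */
    size_t   len;    /* number of data bytes */
    uint8_t *data;   /* heap copy of the data; caller frees */
};

/* Returns 0 and fills *out for a well-formed fragment, -1 otherwise. */
int frag_extract(const uint8_t *msg, size_t msg_len, struct frag_item *out)
{
    if (msg == NULL || out == NULL || msg_len < FRAG_HDR_LEN)
        return -1;                       /* header itself is truncated */
    size_t declared = ((size_t)msg[0] << 8) | msg[1];
    if (declared > msg_len)
        return -1;                       /* claims more bytes than received */
    if (declared < FRAG_HDR_LEN + 1)
        return -1;                       /* header only: no payload to copy */
    size_t data_len = declared - FRAG_HDR_LEN;   /* now guaranteed >= 1 */
    uint8_t *buf = malloc(data_len);
    if (buf == NULL)
        return -1;                       /* never use an unchecked buffer */
    memcpy(buf, msg + FRAG_HDR_LEN, data_len);
    out->index = msg[2];
    out->last  = msg[3] & 1u;
    out->len   = data_len;
    out->data  = buf;
    return 0;
}

int main(void)
{
    /* Constructed samples: a valid fragment and one with no payload. */
    const uint8_t ok[]    = {0x00, 0x06, 0x01, 0x01, 'h', 'i'};
    const uint8_t empty[] = {0x00, 0x04, 0x01, 0x00};
    struct frag_item it;
    if (frag_extract(ok, sizeof ok, &it) == 0) { puts("valid: accepted"); free(it.data); }
    if (frag_extract(empty, sizeof empty, &it) != 0) puts("no payload: rejected");
    return 0;
}
```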
**Recommendations**
For ipsec-tools versions 0.6.5 through 0.7.1, update to version 0.7.2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the racoon/isakmp_frag.c module to minimize the risk of exploitation.