PT-2015-6397 · Ipsec Tools+2 · Ipsec-Tools+2

Javantea

Published

2015-05-22

Updated

2019-03-27

CVE-2015-4047

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions IPsec-Tools version 0.8.2

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and IKE daemon crash, via a series of crafted UDP requests.

Recommendations For IPsec-Tools version 0.8.2, update to a version that fixes the issue in racoon/gssapi.c to prevent remote attackers from causing a denial of service.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2016-1140

CVE-2015-4047

DLA-234-1

DSA-3272-1

MGASA-2015-0243

SUSE-SU-2015:1367-1

SUSE-SU-2015_1367-1

USN-2623-1

Affected Products

Alt Linux

Ipsec-Tools

Suse

PT-2015-6397 · Ipsec Tools+2 · Ipsec-Tools+2

CVE-2015-4047

Weakness Enumeration

Related Identifiers

Affected Products

References · 37