Bug 16042 - ipsec-tools new security issue CVE-2015-4047
Summary: ipsec-tools new security issue CVE-2015-4047
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/645928/
Whiteboard: has_procedure advisory mga4-64-ok mga...
Keywords: validated_update
Depends on:
Reported: 2015-05-26 21:08 CEST by David Walser
Modified: 2015-06-08 23:18 CEST (History)
2 users (show)

See Also:
Source RPM: ipsec-tools-0.8.1-2.mga4.src.rpm
Status comment:


Description David Walser 2015-05-26 21:08:52 CEST
Debian has issued an advisory on May 23:

Patched packages uploaded for Mageia 4 and Cauldron.


Updated ipsec-tools packages fix security vulnerability:

Javantea discovered a NULL pointer dereference flaw in racoon, the Internet Key
Exchange daemon of ipsec-tools. A remote attacker can use this flaw to cause
the IKE daemon to crash via specially crafted UDP packets, resulting in a
denial of service (CVE-2015-4047).


Updated packages in core/updates_testing:

from ipsec-tools-0.8.1-2.1.mga4.src.rpm


Steps to Reproduce:
Comment 1 Len Lawrence 2015-06-04 23:35:11 CEST
Installed old versions for x86_64.
Enabled core updates testing and installed 


ipsec-tools supplies setkey, racoon and racoonctl, which need to be run as root I think.  Config files appear in /etc/racoon
    Tool to manipulate and dump the kernel Security Policy Database (SPD) and Security Association Database (SAD).
    Internet Key Exchange (IKE) daemon for automatically keying IPsec connections.
    A shell-based control tool for racoon

[root@belexeuli racoon]# ls
certs/  psk.txt  racoon.conf
[root@belexeuli racoon]# cat psk.txt
# file for pre-shared keys used for IKE authentication
# format is:  'identifier' 'key'
# For example:
#		flibbertigibbet
#  www.example.com      12345
#  foo@www.example.com  micropachycephalosaurus
[root@belexeuli racoon]# ps aux | grep racoon

[root@belexeuli racoon]# racoonctl -V
racoonctl: invalid option -- 'V'
  racoonctl [opts] reload-config
  racoonctl [opts] show-schedule
  racoonctl [opts] show-sa [protocol]
  racoonctl [opts] flush-sa [protocol]
  racoonctl [opts] delete-sa <saopts>
  racoonctl [opts] establish-sa [-u identity] [-n remoteconf] [-w] <saopts>
  racoonctl [opts] vpn-connect [-u identity] vpn_gateway
  racoonctl [opts] vpn-disconnect vpn_gateway
  racoonctl [opts] show-event
  racoonctl [opts] logout-user login

General options:
  -d		Debug: hexdump admin messages before sending
  -l		Increase output verbosity (mainly for show-sa)
  -s <socket>	Specify adminport socket to use (default: /var/lib/racoon/racoon.sock)

Parameter specifications:
    <protocol>: "isakmp", "esp" or "ah".
        In the case of "show-sa" or "flush-sa", you can use "ipsec".

    <saopts>: "isakmp" <family> <src> <dst>
            : {"esp","ah"} <family> <src/prefixlen/port> <dst/prefixlen/port>
    <family>: "inet" or "inet6"
    <ul_proto>: "icmp", "tcp", "udp", "gre" or "any"

So it installs and the tools respond with usage information.  Not sure how to use them though.  Need to play around and hope nothing breaks.

CC: (none) => tarazed25

Comment 2 claire robinson 2015-06-05 16:14:47 CEST
Well done Len. Adding the OK for you :)

Whiteboard: (none) => has_procedure mga4-64-ok

Comment 3 Len Lawrence 2015-06-05 16:18:55 CEST
Thanks Claire; I was not sure if that was sufficient.  Will run it through i586 on a VM.
Comment 4 Len Lawrence 2015-06-05 18:35:51 CEST
Installed the pre-testing rpms, checked the environment then ran the update.  All looks OK on the face of it but no real idea how to manipulate the tools.  This stuff is way oot a ma ken.  If you were happy with the 64bit update then I guess this is OK too.  Marking it as such.

Whiteboard: has_procedure mga4-64-ok => has_procedure mga4-64-ok mga4-32-ok

Comment 5 Len Lawrence 2015-06-05 18:36:29 CEST
Oh, that was in virtualbox.
Comment 6 claire robinson 2015-06-05 19:31:34 CEST
That's fine Len, well done.
Comment 7 claire robinson 2015-06-05 19:42:17 CEST
Validating. Advisory uploaded.

Please push to 4 updates


Keywords: (none) => validated_update
Whiteboard: has_procedure mga4-64-ok mga4-32-ok => has_procedure advisory mga4-64-ok mga4-32-ok
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2015-06-08 23:18:46 CEST
An update for this issue has been pushed to Mageia Updates repository.


Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.