CVE-2015-4047

Publication date 22 May 2015

Last updated 24 July 2024

Ubuntu priority

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ipsec-tools	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	15.04 vivid	Ignored end of life
	14.10 utopic	Ignored end of life
	14.04 LTS trusty	Fixed 1:0.8.0-14+deb7u1ubuntu0.1
	12.04 LTS precise	Fixed 1:0.8.0-9ubuntu1.1

How can I get the fixes?
What do statuses mean?

Notes

sbeattie

reported against ipsec-tools 0.8.2

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2623-1
ipsec-tools vulnerability
1 June 2015

Other references

http://www.openwall.com/lists/oss-security/2015/05/20/1
http://seclists.org/fulldisclosure/2015/May/81
http://seclists.org/fulldisclosure/2015/May/83
https://www.cve.org/CVERecord?id=CVE-2015-4047