CVE-2015-4047

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
ipsec-toolsipsec-tools
0.8.2
canonicalubuntu_linux
12.04
f5big-ip_application_acceleration_manager
11.4.0 ≤
𝑥
≤ 11.6.4
f5big-ip_application_acceleration_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_application_acceleration_manager
13.0.0
f5big-ip_local_traffic_manager
11.0.0 ≤
𝑥
≤ 11.6.4
f5big-ip_local_traffic_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_local_traffic_manager
13.0.0
f5big-ip_advanced_firewall_manager
11.3.0 ≤
𝑥
≤ 11.6.4
f5big-ip_advanced_firewall_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_advanced_firewall_manager
13.0.0
f5big-ip_analytics
11.0.0 ≤
𝑥
≤ 11.6.4
f5big-ip_analytics
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_analytics
13.0.0
f5big-ip_access_policy_manager
11.0.0 ≤
𝑥
≤ 11.6.4
f5big-ip_access_policy_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_access_policy_manager
13.0.0
f5big-ip_application_security_manager
11.0.0 ≤
𝑥
≤ 11.6.4
f5big-ip_application_security_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_application_security_manager
13.0.0
f5big-ip_domain_name_system
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_domain_name_system
13.0.0
f5big-ip_edge_gateway
11.0.0 ≤
𝑥
≤ 11.3.0
f5big-ip_global_traffic_manager
11.0.0 ≤
𝑥
≤ 11.6.4
f5big-ip_link_controller
11.0.0 ≤
𝑥
≤ 11.6.4
f5big-ip_link_controller
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_link_controller
13.0.0
f5big-ip_policy_enforcement_manager
11.3.0 ≤
𝑥
≤ 11.6.4
f5big-ip_policy_enforcement_manager
12.0.0 ≤
𝑥
≤ 12.1.4
f5big-ip_policy_enforcement_manager
13.0.0
f5big-ip_protocol_security_manager
11.0.0 ≤
𝑥
≤ 11.4.1
f5big-ip_wan_optimization_manager
11.0.0 ≤
𝑥
≤ 11.3.0
f5big-ip_webaccelerator
11.0.0 ≤
𝑥
≤ 11.3.0
f5big-iq_adc
4.5.0
f5big-iq_centralized_management
4.6.0
f5big-iq_cloud
4.0.0 ≤
𝑥
≤ 4.5.0
f5big-iq_cloud_and_orchestration
1.0.0
f5big-iq_device
4.2.0 ≤
𝑥
≤ 4.5.0
f5big-iq_security
4.0.0 ≤
𝑥
≤ 4.5.0
f5enterprise_manager
3.0.0 ≤
𝑥
≤ 3.1.1
debiandebian_linux
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipsec-tools
xenial
not-affected
wily
not-affected
vivid
ignored
utopic
ignored
trusty
Fixed 1:0.8.0-14+deb7u1ubuntu0.1
released
precise
Fixed 1:0.8.0-9ubuntu1.1
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html
http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2015/May/81
http://seclists.org/fulldisclosure/2015/May/83
http://www.debian.org/security/2015/dsa-3272
http://www.openwall.com/lists/oss-security/2015/05/20/1
http://www.openwall.com/lists/oss-security/2015/05/21/11
http://www.securityfocus.com/bid/74739
http://www.securitytracker.com/id/1032397
http://www.ubuntu.com/usn/USN-2623-1
https://support.f5.com/csp/article/K05013313
https://www.altsci.com/ipsec/ipsec-tools-sa.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html
http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2015/May/81
http://seclists.org/fulldisclosure/2015/May/83
http://www.debian.org/security/2015/dsa-3272
http://www.openwall.com/lists/oss-security/2015/05/20/1
http://www.openwall.com/lists/oss-security/2015/05/21/11
http://www.securityfocus.com/bid/74739
http://www.securitytracker.com/id/1032397
http://www.ubuntu.com/usn/USN-2623-1
https://support.f5.com/csp/article/K05013313
https://www.altsci.com/ipsec/ipsec-tools-sa.html