* Three SunRPC Inspection Denial of Service Vulnerabilities
* Three Transport Layer Security (TLS) Denial of Service
Vulnerabilities
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Vulnerability
These vulnerabilities are not interdependent; a release that is
affected by one vulnerability is not necessarily affected by the
others.
The Cisco Tunneling Control Protocol (cTCP) feature is used by an Easy
VPN remote device operating in an environment in which standard IPSec
does not function transparently without modification to existing
firewall rules. The cTCP traffic is actually TCP traffic. Cisco IOS
cTCP packets are Internet Key Exchange (IKE) or Encapsulating
Security Payload (ESP) packets that are being transmitted over TCP.
A vulnerability exists where a series of TCP packets may cause a
Cisco IOS device that is configured as an Easy VPN server with the
cTCP encapsulation feature to run out of memory. This vulnerability
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange
Resource Exhaustion Vulnerability
Advisory ID: cisco-sa-20090923-ipsec
Revision 1.0
DoS Vulnerabilities
~~~~~~~~~~~~~~~~~~~
The Cisco WLC product family is affected by two DoS vulnerabilities:
* Internet Key Exchange (IKE) DoS Vulnerability
* HTTP DoS Vulnerability
The IKE DoS vulnerability affects Cisco WLC software versions 3.2 and
later. The HTTP DoS vulnerability affects Cisco WLC software versions
4.2 and later.
Background
==========
The IPSec Tools are a port of KAME's IPsec utilities to the Linux-2.6
IPsec implementation. They include racoon, an Internet Key Exchange
daemon for automatically keying IPsec connections.
Affected packages
=================
Devices running affected versions of Cisco IOS Software are
susceptible if configured with any of the following features:
* Secure Socket Layer (SSL) Virtual Private Network (VPN)
* Secure Shell (SSH)
* Internet Key Exchange (IKE) Encrypted Nonces
Note: SSL/HTTPS-related features other than WebVPN and SSL VPN are
not affected by this vulnerability.
To determine whether SSLVPN is enabled on a device, log in to the
Summary
=======
A malformed Internet Key Exchange (IKE) packet may cause a device
running Cisco IOS Software to reload. Only Cisco 7200 Series and
Cisco 7301 routers running Cisco IOS software with a VPN Acceleration
Module 2+ (VAM2+) installed are affected. Cisco has released free
software updates that address this vulnerability.
Debian-specific: no
Debian bug : 527634 528933
CVE ID : CVE-2009-1574 CVE-2009-1632
Several remote vulnerabilities have been discovered in racoon, the Internet Key
Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures
project identified the following problems:
Neil Kettle discovered a NULL pointer dereference on crafted fragmented packets
that contain no payload. This results in the daemon crashing, which can be used
for denial of service attacks (CVE-2009-1574).
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
Vulnerability
* Crafted TCP Segment Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service
Vulnerability
* NT LAN Manager version 1 (NTLMv1) Authentication Bypass
Vulnerability
These vulnerabilities are not interdependent; a release that is affected