Vulnerability Description
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipsec-Tools | Ipsec-Tools | 0.8.2 |
| Canonical | Ubuntu Linux | 12.04 |
| Fedoraproject | Fedora | 20 |
| F5 | Big-Ip Application Acceleration Manager | >= 11.4.0, <= 11.6.4 |
| F5 | Big-Ip Local Traffic Manager | >= 11.0.0, <= 11.6.4 |
| F5 | Big-Ip Advanced Firewall Manager | >= 11.3.0, <= 11.6.4 |
| F5 | Big-Ip Analytics | >= 11.0.0, <= 11.6.4 |
| F5 | Big-Ip Access Policy Manager | >= 11.0.0, <= 11.6.4 |
| F5 | Big-Ip Application Security Manager | >= 11.0.0, <= 11.6.4 |
| F5 | Big-Ip Domain Name System | >= 12.0.0, <= 12.1.4 |
| F5 | Big-Ip Edge Gateway | >= 11.0.0, <= 11.3.0 |
| F5 | Big-Ip Global Traffic Manager | >= 11.0.0, <= 11.6.4 |
| F5 | Big-Ip Link Controller | >= 11.0.0, <= 11.6.4 |
| F5 | Big-Ip Policy Enforcement Manager | >= 11.3.0, <= 11.6.4 |
| F5 | Big-Ip Protocol Security Manager | >= 11.0.0, <= 11.4.1 |
| F5 | Big-Ip Wan Optimization Manager | >= 11.0.0, <= 11.3.0 |
| F5 | Big-Ip Webaccelerator | >= 11.0.0, <= 11.3.0 |
| F5 | Big-Iq Adc | 4.5.0 |
| F5 | Big-Iq Centralized Management | 4.6.0 |
| F5 | Big-Iq Cloud | >= 4.0.0, <= 4.5.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.htmlMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.htmlMailing ListThird Party Advisory
- http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/May/81ExploitMailing ListThird Party Advisory
- http://seclists.org/fulldisclosure/2015/May/83ExploitMailing ListThird Party Advisory
- http://www.debian.org/security/2015/dsa-3272Third Party Advisory
- http://www.openwall.com/lists/oss-security/2015/05/20/1ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/05/21/11Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/74739Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032397Third Party AdvisoryVDB Entry
- http://www.ubuntu.com/usn/USN-2623-1Third Party Advisory
- https://support.f5.com/csp/article/K05013313Third Party Advisory
- https://www.altsci.com/ipsec/ipsec-tools-sa.htmlExploitThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.htmlMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2015-4047?
CVE-2015-4047 is a vulnerability with a CVSS score of 7.8 (HIGH). racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
How severe is CVE-2015-4047?
CVE-2015-4047 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4047?
Check the references section above for vendor advisories and patch information. Affected products include: Ipsec-Tools Ipsec-Tools, Canonical Ubuntu Linux, Fedoraproject Fedora, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Local Traffic Manager.