Bug 931989 (CVE-2015-4047) - VUL-0: CVE-2015-4047: ipsec-tools: NULL pointer dereference in racoon/gssapi.c
Summary: VUL-0: CVE-2015-4047: ipsec-tools: NULL pointer dereference in racoon/gssapi.c
Status: RESOLVED FIXED
Alias: CVE-2015-4047
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2015-06-09
Assignee: Jiri Bohac
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/116995/
Whiteboard: maint:released:sle10-sp3:61804
Keywords:
Depends on:
Blocks:
 
Reported: 2015-05-22 09:20 UTC by Alexander Bergmann
Modified: 2018-12-15 15:44 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2015-05-22 09:20:34 UTC 
rh#1223419 / CVE-2015-4047
---------------------------------------------
A NULL pointer dereference flaw was found in IPsecTools. A remote attacker could use this flaw to crash the IKE daemon via specially crafted UDP packets if the HAVE_GSSAPI configuration option is set.

CVE request:

http://seclists.org/oss-sec/2015/q2/503

Proposed patch:

http://seclists.org/fulldisclosure/2015/May/83

External References:

https://www.altsci.com/ipsec/ipsec-tools-sa.html
---------------------------------------------

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1223419
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4047
http://seclists.org/oss-sec/2015/q2/522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4047
Comment 3 Bernhard Wiedemann 2015-05-22 19:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (931989) was mentioned in
https://build.opensuse.org/request/show/308401 13.2+13.1 / ipsec-tools
Comment 4 Jiri Bohac 2015-05-22 20:11:46 UTC 
submitrequests created for os13.1, os13.2, SLE-11, SLE-11-SP1 and SLE-10-SP2
Comment 5 Swamp Workflow Management 2015-05-26 08:21:13 UTC 
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-06-09.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61802
Comment 7 Andreas Stieger 2015-06-08 08:43:44 UTC 
(In reply to Jiri Bohac from comment #4)
> submitrequests created for os13.1, os13.2, SLE-11, SLE-11-SP1 and SLE-10-SP2

Build is failing for 13.1, please check:
https://build.opensuse.org/request/show/308401
Comment 9 Swamp Workflow Management 2015-06-09 22:00:21 UTC 
bugbot adjusting priority
Comment 10 Jiri Bohac 2015-06-11 16:56:10 UTC 
(In reply to Andreas Stieger from comment #7)
> (In reply to Jiri Bohac from comment #4)
> > submitrequests created for os13.1, os13.2, SLE-11, SLE-11-SP1 and SLE-10-SP2
> 
> Build is failing for 13.1, please check:
> https://build.opensuse.org/request/show/308401

This is not caused by the patch for this bug, but 
appears to be caused by an OpenSSL upgrade, containing this openssl commit:
3009244da47b989c4cc59ba02cf81a4e9d8f8431.

The problem is described here:
https://www.mail-archive.com/openssl-dev@openssl.org/msg35948.html

I'm not sure what to do about it yet.
Comment 11 Swamp Workflow Management 2015-08-11 15:09:50 UTC 
SUSE-SU-2015:1367-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 931989,939810
CVE References: CVE-2015-4047
Sources used:
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    ipsec-tools-0.7.3-1.13.1
SUSE Linux Enterprise Server 11-SP4 (src):    ipsec-tools-0.7.3-1.13.1
SUSE Linux Enterprise Server 11-SP3 (src):    ipsec-tools-0.7.3-1.13.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    ipsec-tools-0.7.3-1.13.1