Posted by Javantea on May 19

Denial of Service in IPsec-Tools
Vulnerability Report
May 19, 2015

Product: IPsec-Tools
Version: 0.8.2
Website: http://ipsec-tools.sourceforge.net/
CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

IPsec-Tools is vulnerable to a 0-day exploit that I made available yesterday. It is a null dereference crash in racoon
in gssapi.c. It requires HAVE_GSSAPI to be set, which is a configuration option. The impact is a denial of service
against the IKE…