Posted by Christos Zoulas on May 20

— Subject: [FD] 0-day Denial of Service in IPsec-Tools

| Denial of Service in IPsec-Tools
| Vulnerability Report
| May 19, 2015
|
| Product: IPsec-Tools
| Version: 0.8.2
| Website: http://ipsec-tools.sourceforge.net/
| CVSS Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
|
| IPsec-Tools is vulnerable to a 0-day exploit that I made available yesterday. It is a null dereference crash in
racoon in gssapi.c. It requires HAVE_GSSAPI to be set, which is…