[Openswan Users] Upgrade from openswan-2.6.21-5.el5_7.6 to openswan-2.6.32-10.el6_2.i686 appears to have introduced DOS vulnerability

Mike Herrick mike.herrick at gmail.com
Tue Apr 3 14:33:04 EDT 2012

I've upgraded my firewalls from Red Hat 5 (openswan-2.6.21-5.el5_7.6)
to Red Hat 6 (openswan-2.6.32-10.el6_2.i686) and a SecuritySpace audit
is complaining that I'm now vulnerable to a "Denial of Service : IPSEC
IKE check" attack.  The details seem a little sketchy
reproduced here:

Test ID:
Category:	Denial of Service
Title:	IPSEC IKE check
Summary:	IPSEC IKE check
Description:	The remote IPSEC server seems to have a problem negotiating
bogus IKE requests.

An attacker may use this flaw to disable your VPN remotely
Solution: Contact your vendor for a patch
Reference : See RFC 2409
Risk factor : High
Copyright	This script is Copyright (C) 2002 John Lampe...j_lampe at bellsouth.net

The copyright date makes me think this is an old issue, and there
doesn't appear to be a CVE issue for it.  I'm just wondering if anyone
knows what this is (and how to fix it).



More information about the Users mailing list