CVE-2015-4047
NONE EPSS 95.0%
Published May 29, 201511y ago · Modified Jun 17, 20262w ago
Published May 29, 2015 11y ago
Last Modified Jun 17, 2026 2w ago
Description
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
Threat Intelligence
EPSS Exploit Probability
95.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 45
| Vendor | Product | Version | Range |
|---|---|---|---|
| ipsec-tools | ipsec-tools | 0.8.2 | any |
| canonical | ubuntu_linux | 12.04 | any |
| fedoraproject | fedora | 20 | any |
| fedoraproject | fedora | 21 | any |
| f5 | big-ip_application_acceleration_manager | * | ≥11.4.0 – ≤11.6.4 |
| f5 | big-ip_application_acceleration_manager | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | any |
| f5 | big-ip_local_traffic_manager | * | ≥11.0.0 – ≤11.6.4 |
| f5 | big-ip_local_traffic_manager | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_local_traffic_manager | 13.0.0 | any |
| f5 | big-ip_advanced_firewall_manager | * | ≥11.3.0 – ≤11.6.4 |
| f5 | big-ip_advanced_firewall_manager | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | any |
| f5 | big-ip_analytics | * | ≥11.0.0 – ≤11.6.4 |
| f5 | big-ip_analytics | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_analytics | 13.0.0 | any |
| f5 | big-ip_access_policy_manager | * | ≥11.0.0 – ≤11.6.4 |
| f5 | big-ip_access_policy_manager | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_access_policy_manager | 13.0.0 | any |
| f5 | big-ip_application_security_manager | * | ≥11.0.0 – ≤11.6.4 |
| f5 | big-ip_application_security_manager | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_application_security_manager | 13.0.0 | any |
| f5 | big-ip_domain_name_system | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_domain_name_system | 13.0.0 | any |
| f5 | big-ip_edge_gateway | * | ≥11.0.0 – ≤11.3.0 |
| f5 | big-ip_global_traffic_manager | * | ≥11.0.0 – ≤11.6.4 |
| f5 | big-ip_link_controller | * | ≥11.0.0 – ≤11.6.4 |
| f5 | big-ip_link_controller | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_link_controller | 13.0.0 | any |
| f5 | big-ip_policy_enforcement_manager | * | ≥11.3.0 – ≤11.6.4 |
| f5 | big-ip_policy_enforcement_manager | * | ≥12.0.0 – ≤12.1.4 |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | any |
| f5 | big-ip_protocol_security_manager | * | ≥11.0.0 – ≤11.4.1 |
| f5 | big-ip_wan_optimization_manager | * | ≥11.0.0 – ≤11.3.0 |
| f5 | big-ip_webaccelerator | * | ≥11.0.0 – ≤11.3.0 |
| f5 | big-iq_adc | 4.5.0 | any |
| f5 | big-iq_centralized_management | 4.6.0 | any |
| f5 | big-iq_cloud | * | ≥4.0.0 – ≤4.5.0 |
| f5 | big-iq_cloud_and_orchestration | 1.0.0 | any |
| f5 | big-iq_device | * | ≥4.2.0 – ≤4.5.0 |
| f5 | big-iq_security | * | ≥4.0.0 – ≤4.5.0 |
| f5 | enterprise_manager | * | ≥3.0.0 – ≤3.1.1 |
| debian | debian_linux | 7.0 | any |
| debian | debian_linux | 8.0 | any |
| debian | debian_linux | 9.0 | any |
References 13
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html
- lists.fedoraproject.org http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html
- packetstormsecurity.com http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html
- seclists.org http://seclists.org/fulldisclosure/2015/May/81
- seclists.org http://seclists.org/fulldisclosure/2015/May/83
- debian.org http://www.debian.org/security/2015/dsa-3272
- openwall.com http://www.openwall.com/lists/oss-security/2015/05/20/1
- openwall.com http://www.openwall.com/lists/oss-security/2015/05/21/11
- securityfocus.com http://www.securityfocus.com/bid/74739
- securitytracker.com http://www.securitytracker.com/id/1032397
- ubuntu.com http://www.ubuntu.com/usn/USN-2623-1
- support.f5.com https://support.f5.com/csp/article/K05013313
- altsci.com https://www.altsci.com/ipsec/ipsec-tools-sa.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.