ID CVE-2005-3671
Summary The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
References
Vulnerable Configurations
  • cpe:2.3:a:frees_wan:frees_wan:2.04
  • cpe:2.3:a:openswan:openswan:2.1.1
  • cpe:2.3:a:openswan:openswan:2.1.2
  • cpe:2.3:a:openswan:openswan:2.1.4
  • cpe:2.3:a:openswan:openswan:2.1.5
  • cpe:2.3:a:openswan:openswan:2.1.6
  • cpe:2.3:a:openswan:openswan:2.2
  • cpe:2.3:a:openswan:openswan:2.3
  • Openswan 2.4
    cpe:2.3:a:openswan:openswan:2.4
CVSS
Base: 7.8 (as of 30-11-2005 - 16:49)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_10753.NASL
    description This update fixes the following security problem : - specially crafted packets could crash pluto as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. (CVE-2005-3671)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 41085
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41085
    title SuSE9 Security Update : freeswan (YOU Patch Number 10753)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-1093.NASL
    description NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. The Openswan project has released version 2.4.4 to fix both issues. See http://www.openswan.org/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20243
    published 2005-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20243
    title Fedora Core 4 : openswan-2.4.4-1.0.FC4.1 (2005-1093)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-1092.NASL
    description NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. The Openswan project has released version 2.4.4 to fix both issues. See http://www.openswan.org/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20242
    published 2005-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20242
    title Fedora Core 3 : openswan-2.4.4-0.FC3.1 (2005-1092)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200512-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200512-04 (Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation) The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid or abnormal contents. Impact : A remote attacker could craft specific packets that would result in a Denial of Service attack, if Openswan and racoon are used in specific, weak configurations. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 20313
    published 2005-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20313
    title GLSA-200512-04 : Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
refmap via4
bid 15416
bugtraq
  • 20051213 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
  • 20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
cert-vn VU#226364
confirm http://www.openswan.org/niscc2/
fedora
  • FEDORA-2005-1092
  • FEDORA-2005-1093
gentoo GLSA-200512-04
misc
sectrack 1015214
secunia
  • 17581
  • 17680
  • 17980
  • 18115
suse SUSE-SA:2005:070
Last major update 05-09-2008 - 16:54
Published 18-11-2005 - 16:03