ID CVE-2005-3732
Summary The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
References
Vulnerable Configurations
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.5
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.5.1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.5.2
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.1
  • cpe:2.3:a:ipsec-tools:ipsec-tools:0.6.2
CVSS
Base: 7.8 (as of 21-11-2005 - 21:44)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-221-1.NASL
    description The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon daemon. Please be aware that racoon is not officially supported by Ubuntu, the package is in the 'universe' component of the archive. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20763
    published 2006-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20763
    title Ubuntu 4.10 / 5.04 / 5.10 : ipsec-tools vulnerability (USN-221-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0267.NASL
    description Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim's machine has racoon configured in a non-recommended insecure manner, it is possible for a remote attacker to crash the racoon daemon. (CVE-2005-3732) Users of ipsec-tools should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21894
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21894
    title CentOS 3 / 4 : ipsec-tools (CESA-2006:0267)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-965.NASL
    description The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, tries to dereference a NULL pointer under certain conditions, which allows a remote attacker to cause a denial of service.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22831
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22831
    title Debian DSA-965-1 : ipsec-tools - null dereference
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0267.NASL
    description Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the Linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim's machine has racoon configured in a non-recommended insecure manner, it is possible for a remote attacker to crash the racoon daemon. (CVE-2005-3732) Users of ipsec-tools should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21286
    published 2006-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21286
    title RHEL 3 / 4 : ipsec-tools (RHSA-2006:0267)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200512-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-200512-04 (Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation) The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid or abnormal contents. Impact : A remote attacker could craft specific packets that would result in a Denial of Service attack, if Openswan and racoon are used in specific, weak configurations. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 20313
    published 2005-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20313
    title GLSA-200512-04 : Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-020.NASL
    description The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The updated packages have been patched to correct this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20809
    published 2006-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20809
    title Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2006:020)
oval via4
accepted 2013-04-29T04:22:48.577-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
family unix
id oval:org.mitre.oval:def:9857
status accepted
submitted 2010-07-09T03:56:16-04:00
title The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
version 23
redhat via4
advisories
bugzilla
id 181605
title CVE-2005-3732 ipsec-tools IKE DoS
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhba:tst:20070026001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
rhsa
id RHSA-2006:0267
released 2006-04-25
severity Moderate
title RHSA-2006:0267: ipsec-tools security update (Moderate)
refmap via4
bid 15523
bugtraq 20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
debian DSA-965
fedora FLSA-2006:190941
gentoo GLSA-200512-04
mandriva MDKSA-2006:020
misc
mlist [ipsec-tools-devel] 20051120 Potential DoS fixed in ipsec-tools
sectrack 1015254
secunia
  • 17668
  • 17822
  • 17980
  • 18115
  • 18616
  • 18742
  • 19833
  • 20210
sgi 20060501-01-U
suse SUSE-SA:2005:070
ubuntu USN-221-1
vupen ADV-2005-2521
Last major update 16-08-2013 - 01:08
Published 21-11-2005 - 17:03
Last modified 19-10-2018 - 11:38