CVE-2006-2298 - The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10

CVE-2006-2298

Summary

The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Sun has released patches to address the vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:internet_key_exchange:internet_key_exchange:1:*:*:*:*:*:*:*
cpe:2.3:a:internet_key_exchange:internet_key_exchange:1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	17902
misc	http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/ http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
sectrack	1016043
secunia	20050
sunalert	102246
vupen	ADV-2006-1733
xf	solaris-libike-dos(26311)

Last major update

20-07-2017 - 01:31

Published

10-05-2006 - 10:02

Last modified

20-07-2017 - 01:31