CVE-2006-7155 - Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port numbe

CVE-2006-7155

Summary

Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286. This vulnerability is addressed in the following vendor document: https://secure-support.novell.com/KanisaPlatform/Publishing/201/3003139_f.SAL_Public.html

References

Vulnerable Configurations

cpe:2.3:a:novell:bordermanager:3.8:sp4:*:*:*:*:*:*
cpe:2.3:a:novell:bordermanager:3.8:sp4:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21014
confirm	https://secure-support.novell.com/KanisaPlatform/Publishing/201/3003139_f.SAL_Public.html
osvdb	30338
sectrack	1017213
secunia	22699
vim	20070303 Novell BorderManager ISAKMP issue smells like a dupe
vupen	ADV-2006-4471
xf	novell-bordermanager-isakmp-security-bypass(30218)

Last major update

29-07-2017 - 01:29

Published

07-03-2007 - 20:19

Last modified

29-07-2017 - 01:29