var-200512-0678
Vulnerability from variot
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
TITLE: IPsec-Tools ISAKMP IKE Message Processing Denial of Service
SECUNIA ADVISORY ID: SA17668
VERIFY ADVISORY: http://secunia.com/advisories/17668/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE:
From remote
SOFTWARE: IPsec-Tools 0.x http://secunia.com/product/3352/
DESCRIPTION: A vulnerability has been reported in IPsec-Tools, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereferencing error when processing certain ISAKMP packets in aggressive mode.
The vulnerability is related to: SA17553
Successful exploitation requires a weak racoon configuration (e.g. no lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
SOLUTION: Update to version 0.6.3. http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605
PROVIDED AND/OR DISCOVERED BY: The vendor credits Adrian Portelli.
ORIGINAL ADVISORY: http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000 http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601
OTHER REFERENCES: SA17553: http://secunia.com/advisories/17553/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200512-0678",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "check point",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fortinet",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nortel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "openswan linux ipsec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "qnx",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "stonesoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sun microsystems",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#226364"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-619"
}
],
"trust": 0.6
},
"cve": "CVE-2005-4570",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2005-4570",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-15778",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2005-4570",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#226364",
"trust": 0.8,
"value": "16.54"
},
{
"author": "CNNVD",
"id": "CNNVD-200512-619",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-15778",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#226364"
},
{
"db": "VULHUB",
"id": "VHN-15778"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-619"
},
{
"db": "NVD",
"id": "CVE-2005-4570"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. \n\nTITLE:\nIPsec-Tools ISAKMP IKE Message Processing Denial of Service\n\nSECUNIA ADVISORY ID:\nSA17668\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/17668/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIPsec-Tools 0.x\nhttp://secunia.com/product/3352/\n\nDESCRIPTION:\nA vulnerability has been reported in IPsec-Tools, which can be\nexploited by malicious people to cause a DoS (Denial of Service). \n\nThe vulnerability is caused due to a NULL pointer dereferencing error\nwhen processing certain ISAKMP packets in aggressive mode. \n\nThe vulnerability is related to:\nSA17553\n\nSuccessful exploitation requires a weak racoon configuration (e.g. no\nlifetime proposal or obey mode), and using 3DES/SHA1/DH2. \n\nSOLUTION:\nUpdate to version 0.6.3. \nhttp://sourceforge.net/project/showfiles.php?group_id=74601\u0026package_id=74949\u0026release_id=372605\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Adrian Portelli. \n\nORIGINAL ADVISORY:\nhttp://sourceforge.net/mailarchive/forum.php?thread_id=9017454\u0026forum_id=32000\nhttp://sourceforge.net/project/shownotes.php?release_id=372605\u0026group_id=74601\n\nOTHER REFERENCES:\nSA17553:\nhttp://secunia.com/advisories/17553/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4570"
},
{
"db": "CERT/CC",
"id": "VU#226364"
},
{
"db": "VULHUB",
"id": "VHN-15778"
},
{
"db": "PACKETSTORM",
"id": "41739"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "VUPEN",
"id": "ADV-2006-0182",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-4570",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "18446",
"trust": 1.7
},
{
"db": "BID",
"id": "15997",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "17668",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "17621",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "17663",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "17838",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "17553",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "17608",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "17684",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2005.0924",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#226364",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200512-619",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-15778",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "41739",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#226364"
},
{
"db": "VULHUB",
"id": "VHN-15778"
},
{
"db": "PACKETSTORM",
"id": "41739"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-619"
},
{
"db": "NVD",
"id": "CVE-2005-4570"
}
]
},
"id": "VAR-200512-0678",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-15778"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T21:52:14.445000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-4570"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15997"
},
{
"trust": 1.7,
"url": "http://www.fortinet.com/fortiguardcenter/vu226364.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/18446"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0182"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/17553/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/17668/"
},
{
"trust": 0.8,
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp"
},
{
"trust": 0.8,
"url": "http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm"
},
{
"trust": 0.8,
"url": "http://www.auscert.org.au/5748"
},
{
"trust": 0.8,
"url": "http://jvn.jp/niscc/niscc-273756/index.html"
},
{
"trust": 0.8,
"url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/17608/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/17621/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/17684/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/17663/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/17838/"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0182"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3352/"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=74601\u0026package_id=74949\u0026release_id=372605"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/mailarchive/forum.php?thread_id=9017454\u0026forum_id=32000"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/shownotes.php?release_id=372605\u0026group_id=74601"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#226364"
},
{
"db": "VULHUB",
"id": "VHN-15778"
},
{
"db": "PACKETSTORM",
"id": "41739"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-619"
},
{
"db": "NVD",
"id": "CVE-2005-4570"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#226364"
},
{
"db": "VULHUB",
"id": "VHN-15778"
},
{
"db": "PACKETSTORM",
"id": "41739"
},
{
"db": "CNNVD",
"id": "CNNVD-200512-619"
},
{
"db": "NVD",
"id": "CVE-2005-4570"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-11-17T00:00:00",
"db": "CERT/CC",
"id": "VU#226364"
},
{
"date": "2005-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-15778"
},
{
"date": "2005-11-22T18:19:46",
"db": "PACKETSTORM",
"id": "41739"
},
{
"date": "2005-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-619"
},
{
"date": "2005-12-29T11:03:00",
"db": "NVD",
"id": "CVE-2005-4570"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-03T00:00:00",
"db": "CERT/CC",
"id": "VU#226364"
},
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-15778"
},
{
"date": "2005-12-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200512-619"
},
{
"date": "2024-11-21T00:04:37.997000",
"db": "NVD",
"id": "CVE-2005-4570"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-619"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations",
"sources": [
{
"db": "CERT/CC",
"id": "VU#226364"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200512-619"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…