Vulnerability Note VU#226364
Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations
Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
The U.K. National Infrastructure Security Co-ordination Center (NISCC) and CERT-FI have reported numerous vulnerabilities in IKEv1 implementations. The IKE protocol (RFC 2409) operates within the framework of the Internet Security Association (SA) and Key Management Protocol (ISAKMP, RFC 2408) and provides a way for nodes to authenticate each other and exchange keying material that is used to establish secure network services. IKE is commonly used by IPSec-based VPNs. The IKE negotiation process consists of two phases. Phase 1 establishes an ISAKMP SA. Phase 2 is used to create SAs for other security protocols.
These vulnerabilities were discovered using the PROTOS Test Tool developed by Oulu University Secure Programming Group (OUSPG). The results of the tests are described in NISCC Vulnerability Advisory 273756/NISCC/ISAKMP. According to that advisory, many IKEv1 implementations contain buffer overflow, format string, and other unspecified vulnerabilities in phase 1 of IKEv1. Exploitation of these vulnerabilities may allow a remote attacker to compromise a system's security.
These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, gain access to sensitive information, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. In addition, many of these vulnerabilities may be exploited remotely by sending a specially crafted packet to a vulnerable IKEv1 installation.
Apply a patch from an affected product vendor
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Check Point Software Technologies||Affected||15 Nov 2005||17 Nov 2005|
|Cisco Systems, Inc.||Affected||15 Nov 2005||17 Nov 2005|
|Fortinet, Inc.||Affected||15 Nov 2005||12 Dec 2005|
|Hewlett-Packard Company||Affected||15 Nov 2005||17 Nov 2005|
|NEC Corporation||Affected||15 Nov 2005||16 Dec 2005|
|Nortel Networks, Inc.||Affected||15 Nov 2005||30 Nov 2005|
|Openswan Linux IPsec software||Affected||15 Nov 2005||17 Nov 2005|
|QNX, Software Systems, Inc.||Affected||15 Nov 2005||02 Dec 2005|
|Stonesoft||Affected||15 Nov 2005||17 Nov 2005|
|Sun Microsystems, Inc.||Affected||15 Nov 2005||17 Nov 2005|
|Hitachi||Not Affected||15 Nov 2005||03 Jan 2006|
|Intoto||Not Affected||15 Nov 2005||17 Nov 2005|
|Microsoft Corporation||Not Affected||15 Nov 2005||15 Nov 2005|
|3com, Inc.||Unknown||15 Nov 2005||15 Nov 2005|
|Alcatel||Unknown||15 Nov 2005||15 Nov 2005|
CVSS Metrics (Learn More)
These vulnerabilities were reported by NISCC and CERT-FI
This document was written by Jeff Gennari.
- CVE IDs: Unknown
- Date Public: 14 Nov 2005
- Date First Published: 17 Nov 2005
- Date Last Updated: 03 Jan 2006
- Severity Metric: 16.54
- Document Revision: 31
If you have feedback, comments, or additional information about this vulnerability, please send us email.