|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#226364
Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations
OverviewNumerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
I. DescriptionThe U.K. National Infrastructure Security Co-ordination Center (NISCC) and CERT-FI have reported numerous vulnerabilities in IKEv1 implementations. The IKE protocol (RFC 2409) operates within the framework of the Internet Security Association (SA) and Key Management Protocol (ISAKMP, RFC 2408) and provides a way for nodes to authenticate each other and exchange keying material that is used to establish secure network services. IKE is commonly used by IPSec-based VPNs. The IKE negotiation process consists of two phases. Phase 1 establishes an ISAKMP SA. Phase 2 is used to create SAs for other security protocols.
These vulnerabilities were discovered using the PROTOS Test Tool developed by Oulu University Secure Programming Group (OUSPG). The results of the tests are described in NISCC Vulnerability Advisory 273756/NISCC/ISAKMP. According to that advisory, many IKEv1 implementations contain buffer overflow, format string, and other unspecified vulnerabilities in phase 1 of IKEv1. Exploitation of these vulnerabilities may allow a remote attacker to compromise a system's security.
II. ImpactThese vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, gain access to sensitive information, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. In addition, many of these vulnerabilities may be exploited remotely by sending a specially crafted packet to a vulnerable IKEv1 installation.
III. SolutionApply a patch from an affected product vendor
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
| 3com, Inc. | Unknown | 15-Nov-2005 |
| Alcatel | Unknown | 15-Nov-2005 |
| Apple Computer, Inc. | Unknown | 15-Nov-2005 |
| AT&T | Unknown | 15-Nov-2005 |
| Avaya, Inc. | Unknown | 15-Nov-2005 |
| Avici Systems, Inc. | Unknown | 15-Nov-2005 |
| Borderware Technologies | Unknown | 15-Nov-2005 |
| Certicom | Unknown | 15-Nov-2005 |
| Charlotte's Web Networks | Unknown | 15-Nov-2005 |
| Check Point Software Technologies | Vulnerable | 17-Nov-2005 |
| Chiaro Networks, Inc. | Unknown | 15-Nov-2005 |
| Cisco Systems, Inc. | Vulnerable | 17-Nov-2005 |
| Computer Associates | Unknown | 15-Nov-2005 |
| Conectiva Inc. | Unknown | 15-Nov-2005 |
| Cray Inc. | Unknown | 15-Nov-2005 |
| D-Link Systems, Inc. | Unknown | 15-Nov-2005 |
| Data Connection, Ltd. | Unknown | 15-Nov-2005 |
| Debian GNU/Linux | Unknown | 15-Nov-2005 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 15-Nov-2005 |
| Engarde Secure Linux | Unknown | 15-Nov-2005 |
| Ericsson | Unknown | 15-Nov-2005 |
| eSoft, Inc. | Unknown | 15-Nov-2005 |
| Extreme Networks | Unknown | 15-Nov-2005 |
| F-Secure Corporation | Unknown | 15-Nov-2005 |
| F5 Networks, Inc. | Unknown | 15-Nov-2005 |
| Fedora Project | Unknown | 15-Nov-2005 |
| Force10 Networks, Inc. | Unknown | 15-Nov-2005 |
| Fortinet, Inc. | Vulnerable | 12-Dec-2005 |
| Foundry Networks, Inc. | Unknown | 15-Nov-2005 |
| FreeBSD, Inc. | Unknown | 15-Nov-2005 |
| FreeS/Wan | Unknown | 15-Nov-2005 |
| Fujitsu | Unknown | 15-Nov-2005 |
| Gentoo Linux | Unknown | 15-Nov-2005 |
| Global Technology Associates | Unknown | 15-Nov-2005 |
| GNU netfilter | Unknown | 15-Nov-2005 |
| Hewlett-Packard Company | Vulnerable | 17-Nov-2005 |
| Hitachi | Not Vulnerable | 3-Jan-2006 |
| Hyperchip | Unknown | 15-Nov-2005 |
| IBM Corporation | Unknown | 15-Nov-2005 |
| IBM Corporation (zseries) | Unknown | 15-Nov-2005 |
| IBM eServer | Unknown | 15-Nov-2005 |
| Immunix Communications, Inc. | Unknown | 15-Nov-2005 |
| Ingrian Networks, Inc. | Unknown | 15-Nov-2005 |
| Intel Corporation | Unknown | 15-Nov-2005 |
| Internet Initiative Japan | Unknown | 15-Nov-2005 |
| Internet Security Systems, Inc. | Unknown | 15-Nov-2005 |
| Intoto | Not Vulnerable | 17-Nov-2005 |
| IP Filter | Unknown | 15-Nov-2005 |
| Jun-ichiro itojun Hagino | Unknown | 15-Nov-2005 |
| Juniper Networks, Inc. | Unknown | 15-Nov-2005 |
| Linksys (A division of Cisco Systems) | Unknown | 15-Nov-2005 |
| Lucent Technologies | Unknown | 15-Nov-2005 |
| Luminous Networks | Unknown | 15-Nov-2005 |
| Mandriva, Inc. | Unknown | 15-Nov-2005 |
| Microsoft Corporation | Not Vulnerable | 15-Nov-2005 |
| MontaVista Software, Inc. | Unknown | 15-Nov-2005 |
| Multinet (owned Process Software Corporation) | Unknown | 15-Nov-2005 |
| Multitech, Inc. | Unknown | 15-Nov-2005 |
| NEC Corporation | Vulnerable | 16-Dec-2005 |
| NetBSD | Unknown | 15-Nov-2005 |
| Network Appliance, Inc. | Unknown | 15-Nov-2005 |
| NextHop Technologies, Inc. | Unknown | 15-Nov-2005 |
| NIST IPsec Project | Unknown | 15-Nov-2005 |
| Nortel Networks, Inc. | Vulnerable | 30-Nov-2005 |
| Novell, Inc. | Unknown | 15-Nov-2005 |
| OpenBSD | Unknown | 15-Nov-2005 |
| OpenBSD IPSec | Unknown | 15-Nov-2005 |
| Openswan Linux IPsec software | Vulnerable | 17-Nov-2005 |
| Openwall GNU/*/Linux | Unknown | 15-Nov-2005 |
| QNX, Software Systems, Inc. | Vulnerable | 2-Dec-2005 |
| Red Hat, Inc. | Unknown | 15-Nov-2005 |
| Redback Networks, Inc. | Unknown | 15-Nov-2005 |
| Riverstone Networks, Inc. | Unknown | 15-Nov-2005 |
| SafeNet | Unknown | 15-Nov-2005 |
| Secure Computing Network Security Division | Unknown | 15-Nov-2005 |
| Sequent Computer Systems, Inc. | Unknown | 15-Nov-2005 |
| Silicon Graphics, Inc. | Unknown | 15-Nov-2005 |
| Slackware Linux Inc. | Unknown | 15-Nov-2005 |
| Sony Corporation | Unknown | 15-Nov-2005 |
| SSH Communications IP Security | Unknown | 15-Nov-2005 |
| Stonesoft | Vulnerable | 17-Nov-2005 |
| Sun Microsystems, Inc. | Vulnerable | 17-Nov-2005 |
| SUSE Linux | Unknown | 15-Nov-2005 |
| Symantec, Inc. | Unknown | 15-Nov-2005 |
| The SCO Group | Unknown | 15-Nov-2005 |
| Trustix Secure Linux | Unknown | 15-Nov-2005 |
| Turbolinux | Unknown | 15-Nov-2005 |
| Ubuntu | Unknown | 15-Nov-2005 |
| Unisys | Unknown | 15-Nov-2005 |
| Watchguard Technologies, Inc. | Unknown | 15-Nov-2005 |
| Wind River Systems, Inc. | Unknown | 15-Nov-2005 |
| ZyXEL | Unknown | 15-Nov-2005 |
References
http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp
http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm
http://www.auscert.org.au/5748
http://jvn.jp/niscc/NISCC-273756/index.html
http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
http://secunia.com/advisories/17608/
http://secunia.com/advisories/17621/
http://secunia.com/advisories/17553/
http://secunia.com/advisories/17684/
http://secunia.com/advisories/17668/
http://secunia.com/advisories/17663/
http://secunia.com/advisories/17838/
Credit
These vulnerabilities were reported by NISCC and CERT-FI
This document was written by Jeff Gennari.
Other Information
| Date Public: | 2005-11-14 |
| Date First Published: | 2005-11-17 |
| Date Last Updated: | 2006-01-03 |
| CERT Advisory: | |
| CVE-ID(s): | |
| NVD-ID(s): | |
| US-CERT Technical Alerts: | |
| Metric: | 16.54 |
| Document Revision: | 31 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|