Vulnerability Note VU#226364

Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations

Original Release date: 17 Nov 2005 | Last revised: 03 Jan 2006

Overview

Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.

Description

The U.K. National Infrastructure Security Co-ordination Center (NISCC) and CERT-FI have reported numerous vulnerabilities in IKEv1 implementations. The IKE protocol (RFC 2409) operates within the framework of the Internet Security Association (SA) and Key Management Protocol (ISAKMP, RFC 2408) and provides a way for nodes to authenticate each other and exchange keying material that is used to establish secure network services. IKE is commonly used by IPSec-based VPNs. The IKE negotiation process consists of two phases. Phase 1 establishes an ISAKMP SA. Phase 2 is used to create SAs for other security protocols.

These vulnerabilities were discovered using the PROTOS Test Tool developed by Oulu University Secure Programming Group (OUSPG). The results of the tests are described in NISCC Vulnerability Advisory 273756/NISCC/ISAKMP. According to that advisory, many IKEv1 implementations contain buffer overflow, format string, and other unspecified vulnerabilities in phase 1 of IKEv1. Exploitation of these vulnerabilities may allow a remote attacker to compromise a system's security.

Impact

These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, gain access to sensitive information, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. In addition, many of these vulnerabilities may be exploited remotely by sending a specially crafted packet to a vulnerable IKEv1 installation.

Solution

Apply a patch from an affected product vendor

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Check Point Software TechnologiesAffected15 Nov 200517 Nov 2005
Cisco Systems, Inc.Affected15 Nov 200517 Nov 2005
Fortinet, Inc.Affected15 Nov 200512 Dec 2005
Hewlett-Packard CompanyAffected15 Nov 200517 Nov 2005
NEC CorporationAffected15 Nov 200516 Dec 2005
Nortel Networks, Inc.Affected15 Nov 200530 Nov 2005
Openswan Linux IPsec softwareAffected15 Nov 200517 Nov 2005
QNX, Software Systems, Inc.Affected15 Nov 200502 Dec 2005
StonesoftAffected15 Nov 200517 Nov 2005
Sun Microsystems, Inc.Affected15 Nov 200517 Nov 2005
HitachiNot Affected15 Nov 200503 Jan 2006
IntotoNot Affected15 Nov 200517 Nov 2005
Microsoft CorporationNot Affected15 Nov 200515 Nov 2005
3com, Inc.Unknown15 Nov 200515 Nov 2005
AlcatelUnknown15 Nov 200515 Nov 2005
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

These vulnerabilities were reported by NISCC and CERT-FI

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 14 Nov 2005
  • Date First Published: 17 Nov 2005
  • Date Last Updated: 03 Jan 2006
  • Severity Metric: 16.54
  • Document Revision: 31

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.