Vulnerability Note VU#287771
Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets
Internet Key Exchange (IKE) implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system.
The CERT/CC has received a report describing several vulnerabilities in different vendors' IKE implementations. The IKE protocol (RFC 2409) operates within the framework of the Internet Security Association and Key Management Protocol (ISAKMP, RFC 2408) and provides a way for nodes to authenticate each other and exchange keying material that is used to establish secure network services. IKE is commonly used by IPSec-based VPNs.
During an IKE exchange, some IKE implementations do not properly handle exceptional response packets. The report enumerates several cases:
An attacker who is able to send solicited IKE responses could execute arbitrary code with the privileges of the IKE service or cause a denial of service. The attacker must act as an IKE responder, so therefore must have control over the responder, the ability to spoof IKE response packets, or the ability to redirect the IKE initiator to a responder controlled by the attacker.
Upgrade or Patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Cisco Systems Inc.||Affected||08 May 2002||09 Aug 2002|
|NetScreen||Affected||-||05 Feb 2003|
|Network Associates||Affected||08 May 2002||10 Sep 2002|
|OpenBSD||Affected||02 Jul 2002||05 Feb 2003|
|PGP||Affected||10 May 2002||05 Sep 2002|
|SafeNet||Affected||13 May 2002||20 Aug 2002|
|SonicWALL Inc.||Affected||-||01 Apr 2003|
|Apple Computer Inc.||Not Affected||02 Jul 2002||06 Aug 2002|
|Clavister||Not Affected||-||05 Sep 2002|
|Cray Inc.||Not Affected||02 Jul 2002||06 Aug 2002|
|FreeBSD||Not Affected||02 Jul 2002||05 Sep 2002|
|Fujitsu||Not Affected||02 Jul 2002||12 Aug 2002|
|Hewlett-Packard Company||Not Affected||02 Jul 2002||05 Feb 2003|
|Hitachi||Not Affected||-||05 Sep 2002|
|IBM||Not Affected||02 Jul 2002||11 Dec 2002|
CVSS Metrics (Learn More)
The CERT/CC thanks Anton Rager of Avaya Security Consulting Services from Avaya, Inc. for reporting this vulnerability and providing information used in this document.
This document was written by Art Manion.
- CVE IDs: Unknown
- Date Public: 14 Aug 2002
- Date First Published: 12 Aug 2002
- Date Last Updated: 09 Feb 2004
- Severity Metric: 1.03
- Document Revision: 52
If you have feedback, comments, or additional information about this vulnerability, please send us email.