Sun Microsystems Inc. Information for VU#287771
Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets
- Vendor Information Help Date Notified: 02 Jul 2002
- Statement Date:
- Date Updated: 05 Aug 2002
The Solaris in.iked daemon for Internet Key Exchange (IKE) [new to Solaris 9] and the SunScreen 3.2 ss_iked daemon for Internet Key Exchange (IKE) are not vulnerable to the issues described in the report. Both IKE daemons do not implement aggressive mode and therefore the vulnerabilities described in this report do not affect the Sun IKE daemons, in.iked and ss_iked, both daemons reject the response packet immediately.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.