Details of VAR-200511-0020

ID

VAR-200511-0020

CVE

CVE-2005-3674

TITLE

Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations

Trust: 0.8

sources: CERT/CC: VU#226364

DESCRIPTION

The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. Sun Solaris is prone to a denial of service vulnerability. This issue exists in the 'libike' IKE implementation and may impact the availability of the 'in.iked' daemon. This issue was discovered with the PROTOS ISAKMP Test Suite and is related to handling of malformed IKEv1 traffic. This may be triggered by a remote privileged user. TITLE: Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of Service SECUNIA ADVISORY ID: SA17684 VERIFY ADVISORY: http://secunia.com/advisories/17684/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Symantec Gateway Security 400 Series http://secunia.com/product/6175/ Symantec Gateway Security 300 Series http://secunia.com/product/6176/ Symantec Gateway Security 3.x http://secunia.com/product/6177/ Symantec Gateway Security 2.x http://secunia.com/product/3104/ Symantec Gateway Security 1.x http://secunia.com/product/876/ Symantec Firewall/VPN Appliance 100/200/200R http://secunia.com/product/552/ SOFTWARE: Symantec Enterprise Firewall (SEF) 8.x http://secunia.com/product/3587/ DESCRIPTION: Symantec has acknowledged a vulnerability in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA17553 Successful exploitation causes a DoS of the dynamic VPN services. The vulnerability has been reported in the following products. * Symantec Enterprise Firewall version 8.0 (Windows) * Symantec Enterprise Firewall version 8.0 (Solaris) * Symantec Gateway Security 5000 Series version 3.0 * Symantec Gateway Security 5400 version 2.0.1 * Symantec Gateway Security 5310 version 1.0 * Symantec Gateway Security 5200/5300 version 1.0 * Symantec Gateway Security 5100 * Symantec Gateway Security 400 version 2.0 * Symantec Gateway Security 300 version 2.0 * Symantec Firewall /VPN Appliance 200/200R * Symantec Firewall /VPN Appliance 100 SOLUTION: Apply hotfixes. Symantec Enterprise Firewall version 8.0 (Windows): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html Symantec Enterprise Firewall version 8.0 (Solaris): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html Symantec Gateway Security 5000 Series version 3.0: Apply SGS3.0-2005114-02. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html Symantec Gateway Security 5400 version 2.0.1: Apply SGS2.0.1-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html Symantec Gateway Security 5310 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html Symantec Gateway Security 5200/5300 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html Symantec Gateway Security 5100: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html Symantec Gateway Security 400 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html Symantec Gateway Security 300 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html Symantec Firewall /VPN Appliance 200/200R: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html Symantec Firewall /VPN Appliance 100: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html OTHER REFERENCES: SA17553: http://secunia.com/advisories/17553/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2005-3674 // CERT/CC: VU#226364 // JVNDB: JVNDB-2005-000684 // BID: 15420 // PACKETSTORM: 41734

AFFECTED PRODUCTS

vendor:	sun	model:	solaris	scope:	eq	version:	9.0	Trust: 1.6
vendor:	sun	model:	solaris	scope:	eq	version:	10.0	Trust: 1.6
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nortel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openswan linux ipsec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	qnx	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	stonesoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0 (x86-64)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	10 (x86)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (sparc)	Trust: 0.8
vendor:	sun microsystems	model:	solaris	scope:	eq	version:	9 (x86)	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.2	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.3	Trust: 0.8
vendor:	cisco	model:	ios	scope:	eq	version:	12.4	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.0	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.1	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.2	Trust: 0.8
vendor:	cisco	model:	pix firewall	scope:	eq	version:	6.3	Trust: 0.8
vendor:	cisco	model:	pix/asa	scope:	eq	version:	7.0	Trust: 0.8
vendor:	symantec	model:	enterprise firewall	scope:	eq	version:	8.0	Trust: 0.8
vendor:	juniper	model:	screenos	scope:	eq	version:	5.0	Trust: 0.8
vendor:	juniper	model:	screenos	scope:	eq	version:	5.2	Trust: 0.8
vendor:	check point	model:	vpn-1/firewall-1	scope:	eq	version:	ng with application intelligence (r54)	Trust: 0.8
vendor:	check point	model:	vpn-1/firewall-1	scope:	eq	version:	ng with application intelligence (r55)	Trust: 0.8
vendor:	check point	model:	vpn-1/firewall-1	scope:	eq	version:	ng with application intelligence (r55w)	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.00	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.11	Trust: 0.8
vendor:	hewlett packard	model:	hp-ux	scope:	eq	version:	11.23	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	3 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	sun	model:	solaris 9 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	9	Trust: 0.3
vendor:	sun	model:	solaris 10.0 x86	scope:	-	version:	-	Trust: 0.3
vendor:	sun	model:	solaris	scope:	eq	version:	10	Trust: 0.3

sources: CERT/CC: VU#226364 // BID: 15420 // JVNDB: JVNDB-2005-000684 // CNNVD: CNNVD-200511-235 // NVD: CVE-2005-3674

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2005-3674
value:	HIGH
Trust: 1.8
CARNEGIE MELLON:	VU#226364
value:	16.54
Trust: 0.8
CNNVD:	CNNVD-200511-235
value:	HIGH
Trust: 0.6

NVD:	CVE-2005-3674
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.8

sources: CERT/CC: VU#226364 // JVNDB: JVNDB-2005-000684 // CNNVD: CNNVD-200511-235 // NVD: CVE-2005-3674

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3674

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-235

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200511-235

CONFIGURATIONS

sources: NVD: CVE-2005-3674

PATCH

title:	cisco-sa-20051114-ipsec	url:	http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml	Trust: 0.8
title:	HPSBUX02076	url:	http://www2.itrc.hp.com/service/cki/docdisplay.do?docid=c00555601	Trust: 0.8
title:	HPSBUX02076	url:	http://h50221.www5.hp.com/upassist/itrc_japan/assist2/secbltn/hp-ux/hpsbux02076.html	Trust: 0.8
title:	PSN-2005-11-007	url:	http://www.juniper.net/support/security/alerts/psn-2005-11-007.txt	Trust: 0.8
title:	AXSA-2006-65:1	url:	http://www.miraclelinux.com/support/update/list.php?errata_id=362	Trust: 0.8
title:	RHSA-2006:0267	url:	https://rhn.redhat.com/errata/rhsa-2006-0267.html	Trust: 0.8
title:	102246	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102246-1	Trust: 0.8
title:	102246	url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102246-3	Trust: 0.8
title:	SYM05-025	url:	http://securityresponse.symantec.com/avcenter/security/content/2005.11.21.html	Trust: 0.8
title:	cisco-sa-20051114-ipsec	url:	http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/cisco-sa-20051114-ipsec-j.shtml	Trust: 0.8
title:	SYM05-025	url:	http://www.symantec.com/region/jp/avcenter/security/content/2005.11.21.html	Trust: 0.8
title:	Top Page	url:	http://www.checkpoint.co.jp/	Trust: 0.8
title:	RHSA-2006:0267	url:	http://www.jp.redhat.com/support/errata/rhsa/rhsa-2006-0267j.html	Trust: 0.8

sources: JVNDB: JVNDB-2005-000684

EXTERNAL IDS

db:	CERT/CC	id:	VU#226364	Trust: 3.2
db:	NVD	id:	CVE-2005-3674	Trust: 2.7
db:	BID	id:	15420	Trust: 2.7
db:	SECUNIA	id:	17621	Trust: 1.6
db:	SECTRACK	id:	1015210	Trust: 1.6
db:	SECUNIA	id:	17554	Trust: 1.6
db:	VUPEN	id:	ADV-2005-2417	Trust: 1.6
db:	SECUNIA	id:	17684	Trust: 0.9
db:	SECUNIA	id:	17663	Trust: 0.8
db:	SECUNIA	id:	17838	Trust: 0.8
db:	SECUNIA	id:	17553	Trust: 0.8
db:	SECUNIA	id:	17608	Trust: 0.8
db:	SECUNIA	id:	17668	Trust: 0.8
db:	AUSCERT	id:	ESB-2005.0924	Trust: 0.8
db:	BID	id:	17902	Trust: 0.8
db:	JVNDB	id:	JVNDB-2005-000684	Trust: 0.8
db:	SUNALERT	id:	102040	Trust: 0.6
db:	CNNVD	id:	CNNVD-200511-235	Trust: 0.6
db:	PACKETSTORM	id:	41734	Trust: 0.1

sources: CERT/CC: VU#226364 // BID: 15420 // JVNDB: JVNDB-2005-000684 // PACKETSTORM: 41734 // CNNVD: CNNVD-200511-235 // NVD: CVE-2005-3674

REFERENCES

url:	http://jvn.jp/niscc/niscc-273756/index.html	Trust: 3.2
url:	http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en	Trust: 2.7
url:	http://www.securityfocus.com/bid/15420	Trust: 2.4
url:	http://www.kb.cert.org/vuls/id/226364	Trust: 2.4
url:	http://secunia.com/advisories/17621/	Trust: 1.6
url:	http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/	Trust: 1.6
url:	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102040-1	Trust: 1.6
url:	http://securitytracker.com/id?1015210	Trust: 1.6
url:	http://secunia.com/advisories/17554	Trust: 1.6
url:	http://www.vupen.com/english/advisories/2005/2417	Trust: 1.0
url:	http://secunia.com/advisories/17553/	Trust: 0.9
url:	http://secunia.com/advisories/17684/	Trust: 0.9
url:	http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp	Trust: 0.8
url:	http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm	Trust: 0.8
url:	http://www.auscert.org.au/5748	Trust: 0.8
url:	http://secunia.com/advisories/17608/	Trust: 0.8
url:	http://secunia.com/advisories/17668/	Trust: 0.8
url:	http://secunia.com/advisories/17663/	Trust: 0.8
url:	http://secunia.com/advisories/17838/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3674	Trust: 0.8
url:	http://www.cpni.gov.uk/products/vulnerabilitydisclosures/default.aspx?id=va-20051114-01014.xml	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-3674	Trust: 0.8
url:	http://www.cpni.gov.uk/docs/re-20051114-01014.pdf?lang=en	Trust: 0.8
url:	http://www.securityfocus.com/bid/17902	Trust: 0.8
url:	http://www.cyberpolice.go.jp/important/2005/20051118_193244.html	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2005/2417	Trust: 0.6
url:	http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102040-1	Trust: 0.3
url:	http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/3104/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html	Trust: 0.1
url:	http://secunia.com/product/6177/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html	Trust: 0.1
url:	http://secunia.com/product/3587/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/6175/	Trust: 0.1
url:	http://secunia.com/product/6176/	Trust: 0.1
url:	http://secunia.com/product/552/	Trust: 0.1
url:	http://securityresponse.symantec.com/avcenter/security/content/2005.11.21.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html	Trust: 0.1
url:	http://secunia.com/product/876/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html	Trust: 0.1

sources: CERT/CC: VU#226364 // BID: 15420 // JVNDB: JVNDB-2005-000684 // PACKETSTORM: 41734 // CNNVD: CNNVD-200511-235 // NVD: CVE-2005-3674

CREDITS

Sun

Trust: 0.6

sources: CNNVD: CNNVD-200511-235

SOURCES

db:	CERT/CC	id:	VU#226364
db:	BID	id:	15420
db:	JVNDB	id:	JVNDB-2005-000684
db:	PACKETSTORM	id:	41734
db:	CNNVD	id:	CNNVD-200511-235
db:	NVD	id:	CVE-2005-3674

LAST UPDATE DATE

2022-05-29T19:22:25.240000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#226364	date:	2006-01-03T00:00:00
db:	BID	id:	15420	date:	2005-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2005-000684	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200511-235	date:	2005-12-05T00:00:00
db:	NVD	id:	CVE-2005-3674	date:	2011-03-08T02:26:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#226364	date:	2005-11-17T00:00:00
db:	BID	id:	15420	date:	2005-11-14T00:00:00
db:	JVNDB	id:	JVNDB-2005-000684	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	41734	date:	2005-11-22T18:19:46
db:	CNNVD	id:	CNNVD-200511-235	date:	2005-11-18T00:00:00
db:	NVD	id:	CVE-2005-3674	date:	2005-11-18T21:03:00