ID

VAR-200511-0288


CVE

CVE-2005-3768


TITLE

Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations

Trust: 0.8

sources: CERT/CC: VU#226364

DESCRIPTION

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall/VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.

Gateway Security 400 is prone to a denial-of-service vulnerability.

For more information: SA17553

Several other bugs have also been fixed in this update.

The vulnerability is caused due to errors in the processing of IKEv1 Phase 1 protocol exchange messages. This can be exploited to cause a DoS.

* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)

Note: For Cisco IOS, only images that contain the Crypto Feature Set are vulnerable.

SOLUTION: See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software

PROVIDED AND/OR DISCOVERED BY: Oulu University Secure Programming Group (OUSPG).

For more information: SA17553

Successful exploitation reportedly requires that the attacker is able to perform a full IKE negotiation with the affected system and requires authentication.

* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.

SOLUTION: Install the latest HFA (HotFix Accumulator).

Note: A fix will reportedly not be released for NG FP3. The vendor recommends upgrading to a recent version, and to the most recent HFA of this version. The vendor reportedly will release hotfixes for Check Point Express CI and Firewall-1 GX 3.0 at a later date.

The vulnerability is related to: SA17553

SOLUTION: Refer to the original advisory from Nortel Networks for instructions how to apply fixes.

The vulnerability is related to: SA17553

Successful exploitation requires a weak racoon configuration (e.g. no lifetime proposal or obey mode), and using 3DES/SHA1/DH2.

TITLE: Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of Service

SECUNIA ADVISORY ID: SA17684

VERIFY ADVISORY: http://secunia.com/advisories/17684/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From remote

OPERATING SYSTEM:
Symantec Gateway Security 400 Series http://secunia.com/product/6175/
Symantec Gateway Security 300 Series http://secunia.com/product/6176/
Symantec Gateway Security 3.x http://secunia.com/product/6177/
Symantec Gateway Security 2.x http://secunia.com/product/3104/
Symantec Gateway Security 1.x http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R http://secunia.com/product/552/

SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x http://secunia.com/product/3587/

DESCRIPTION: Symantec has acknowledged a vulnerability in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information: SA17553

Successful exploitation causes a DoS of the dynamic VPN services.

The vulnerability has been reported in the following products.

* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall/VPN Appliance 200/200R
* Symantec Firewall/VPN Appliance 100

SOLUTION: Apply hotfixes.

Symantec Enterprise Firewall version 8.0 (Windows): Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html

Symantec Enterprise Firewall version 8.0 (Solaris): Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html

Symantec Gateway Security 5000 Series version 3.0: Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html

Symantec Gateway Security 400 version 2.0: Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html

Symantec Gateway Security 300 version 2.0: Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html

Symantec Firewall/VPN Appliance 200/200R: Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html

Symantec Firewall/VPN Appliance 100: Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html

ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html

OTHER REFERENCES: SA17553: http://secunia.com/advisories/17553/

Trust: 2.61

sources: NVD: CVE-2005-3768 // CERT/CC: VU#226364 // BID: 89215 // VULHUB: VHN-14976 // PACKETSTORM: 41982 // PACKETSTORM: 41515 // PACKETSTORM: 41614 // PACKETSTORM: 41586 // PACKETSTORM: 41791 // PACKETSTORM: 41739 // PACKETSTORM: 41734

AFFECTED PRODUCTS

vendor: symantec // model: gateway security 300 // scope: eq // version: 2.0

Trust: 1.6

vendor: symantec // model: gateway security 5310 // scope: eq // version: 1.0

Trust: 1.6

vendor: symantec // model: gateway security 5300 // scope: eq // version: 1.0

Trust: 1.6

vendor: symantec // model: enterprise firewall // scope: eq // version: 8.0

Trust: 1.6

vendor: symantec // model: gateway security 5000 series // scope: eq // version: 3.0

Trust: 1.6

vendor: symantec // model: gateway security 400 // scope: eq // version: 2.0

Trust: 1.6

vendor: symantec // model: firewall vpn appliance 200 // scope: eq // version: *

Trust: 1.0

vendor: symantec // model: gateway security 5400 // scope: eq // version: 2.0.1

Trust: 1.0

vendor: symantec // model: firewall vpn appliance 100 // scope: eq // version: *

Trust: 1.0

vendor: symantec // model: gateway security 5100 // scope: eq // version: *

Trust: 1.0

vendor: check point // model: - // scope: - // version: -

Trust: 0.8

vendor: cisco // model: - // scope: - // version: -

Trust: 0.8

vendor: fortinet // model: - // scope: - // version: -

Trust: 0.8

vendor: hewlett packard // model: - // scope: - // version: -

Trust: 0.8

vendor: nec // model: - // scope: - // version: -

Trust: 0.8

vendor: nortel // model: - // scope: - // version: -

Trust: 0.8

vendor: openswan linux ipsec // model: - // scope: - // version: -

Trust: 0.8

vendor: qnx // model: - // scope: - // version: -

Trust: 0.8

vendor: stonesoft // model: - // scope: - // version: -

Trust: 0.8

vendor: sun microsystems // model: - // scope: - // version: -

Trust: 0.8

vendor: symantec // model: firewall vpn appliance 100 // scope: - // version: -

Trust: 0.6

vendor: symantec // model: firewall vpn appliance 200 // scope: - // version: -

Trust: 0.6

vendor: symantec // model: gateway security 5100 // scope: - // version: -

Trust: 0.6

vendor: symantec // model: gateway security // scope: eq // version: 54002.0.1

Trust: 0.3

vendor: symantec // model: gateway security // scope: eq // version: 53101.0

Trust: 0.3

vendor: symantec // model: gateway security // scope: eq // version: 53001.0

Trust: 0.3

vendor: symantec // model: gateway security // scope: eq // version: 5100

Trust: 0.3

vendor: symantec // model: gateway security series // scope: eq // version: 50003.0

Trust: 0.3

vendor: symantec // model: gateway security // scope: eq // version: 4002.0

Trust: 0.3

vendor: symantec // model: gateway security // scope: eq // version: 3002.0

Trust: 0.3

vendor: symantec // model: firewall/vpn appliance // scope: eq // version: 200

Trust: 0.3

vendor: symantec // model: firewall/vpn appliance // scope: eq // version: 100

Trust: 0.3

vendor: symantec // model: enterprise firewall solaris // scope: eq // version: 8.0

Trust: 0.3

vendor: symantec // model: enterprise firewall windows // scope: eq // version: 8.0

Trust: 0.3

sources: CERT/CC: VU#226364 // BID: 89215 // NVD: CVE-2005-3768 // CNNVD: CNNVD-200511-338

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2005-3768
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#226364
value: 16.54

Trust: 0.8

CNNVD: CNNVD-200511-338
value: HIGH

Trust: 0.6

VULHUB: VHN-14976
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: TRUE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

VULHUB: VHN-14976
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-14976 // NVD: CVE-2005-3768 // CNNVD: CNNVD-200511-338

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3768

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-338

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200511-338

CONFIGURATIONS

sources: NVD: CVE-2005-3768

EXTERNAL IDS

db: SECUNIA // id: 17684

Trust: 2.6

db: SECTRACK // id: 1015247

Trust: 2.0

db: SECTRACK // id: 1015249

Trust: 2.0

db: SECTRACK // id: 1015248

Trust: 2.0

db: NVD // id: CVE-2005-3768

Trust: 2.0

db: VUPEN // id: ADV-2005-2517

Trust: 1.7

db: SECUNIA // id: 17621

Trust: 0.9

db: SECUNIA // id: 17663

Trust: 0.9

db: SECUNIA // id: 17838

Trust: 0.9

db: SECUNIA // id: 17553

Trust: 0.9

db: SECUNIA // id: 17608

Trust: 0.9

db: SECUNIA // id: 17668

Trust: 0.9

db: AUSCERT // id: ESB-2005.0924

Trust: 0.8

db: CERT/CC // id: VU#226364

Trust: 0.8

db: CNNVD // id: CNNVD-200511-338

Trust: 0.7

db: BID // id: 89215

Trust: 0.4

db: VULHUB // id: VHN-14976

Trust: 0.1

db: PACKETSTORM // id: 41982

Trust: 0.1

db: PACKETSTORM // id: 41515

Trust: 0.1

db: PACKETSTORM // id: 41614

Trust: 0.1

db: PACKETSTORM // id: 41586

Trust: 0.1

db: PACKETSTORM // id: 41791

Trust: 0.1

db: PACKETSTORM // id: 41739

Trust: 0.1

db: PACKETSTORM // id: 41734

Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-14976 // BID: 89215 // PACKETSTORM: 41982 // PACKETSTORM: 41515 // PACKETSTORM: 41614 // PACKETSTORM: 41586 // PACKETSTORM: 41791 // PACKETSTORM: 41739 // PACKETSTORM: 41734 // NVD: CVE-2005-3768 // CNNVD: CNNVD-200511-338

REFERENCES

url:http://securityresponse.symantec.com/avcenter/security/content/2005.11.21.html

Trust: 2.1

url:http://securitytracker.com/id?1015247

Trust: 2.0

url:http://securitytracker.com/id?1015248

Trust: 2.0

url:http://securitytracker.com/id?1015249

Trust: 2.0

url:http://secunia.com/advisories/17684

Trust: 1.7

url:http://secunia.com/advisories/17553/

Trust: 1.5

url:http://www.vupen.com/english/advisories/2005/2517

Trust: 1.1

url:http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en

Trust: 0.9

url:http://secunia.com/advisories/17608/

Trust: 0.9

url:http://secunia.com/advisories/17621/

Trust: 0.9

url:http://secunia.com/advisories/17684/

Trust: 0.9

url:http://secunia.com/advisories/17668/

Trust: 0.9

url:http://secunia.com/advisories/17663/

Trust: 0.9

url:http://secunia.com/advisories/17838/

Trust: 0.9

url:http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp

Trust: 0.8

url:http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm

Trust: 0.8

url:http://www.auscert.org.au/5748

Trust: 0.8

url:http://jvn.jp/niscc/niscc-273756/index.html

Trust: 0.8

url:http://secunia.com/secunia_security_advisories/

Trust: 0.7

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.7

url:http://secunia.com/about_secunia_advisories/

Trust: 0.7

url:http://www.frsirt.com/english/advisories/2005/2517

Trust: 0.6

url:http://secunia.com/product/5625/

Trust: 0.1

url:http://www.astaro.org/showflat.php?cat=&number=63958&page=0&view=collapsed&sb=5&o=&fpart=1#63958

Trust: 0.1

url:http://secunia.com/product/90/

Trust: 0.1

url:http://secunia.com/product/50/

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml

Trust: 0.1

url:http://secunia.com/product/6102/

Trust: 0.1

url:http://secunia.com/product/706/

Trust: 0.1

url:http://secunia.com/product/182/

Trust: 0.1

url:http://secunia.com/product/56/

Trust: 0.1

url:http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software

Trust: 0.1

url:http://secunia.com/product/5088/

Trust: 0.1

url:http://secunia.com/product/6101/

Trust: 0.1

url:http://secunia.com/product/2273/

Trust: 0.1

url:http://secunia.com/product/3214/

Trust: 0.1

url:http://secunia.com/product/59/

Trust: 0.1

url:http://secunia.com/product/89/

Trust: 0.1

url:http://secunia.com/product/6148/

Trust: 0.1

url:http://secunia.com/product/6010/

Trust: 0.1

url:http://secunia.com/product/6149/

Trust: 0.1

url:http://secunia.com/product/2542/

Trust: 0.1

url:http://secunia.com/product/6124/

Trust: 0.1

url:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=bltndetail&documentoid=367651&renditionid=

Trust: 0.1

url:http://secunia.com/product/6125/

Trust: 0.1

url:http://secunia.com/product/6126/

Trust: 0.1

url:http://secunia.com/product/2576/

Trust: 0.1

url:https://clientweb.clavister.com/

Trust: 0.1

url:http://www.clavister.com/support/support_update_isakmp.html

Trust: 0.1

url:http://secunia.com/product/6205/

Trust: 0.1

url:http://secunia.com/product/3352/

Trust: 0.1

url:http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605

Trust: 0.1

url:http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000

Trust: 0.1

url:http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html

Trust: 0.1

url:http://secunia.com/product/3104/

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html

Trust: 0.1

url:http://secunia.com/product/6177/

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html

Trust: 0.1

url:http://secunia.com/product/3587/

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html

Trust: 0.1

url:http://secunia.com/product/6175/

Trust: 0.1

url:http://secunia.com/product/6176/

Trust: 0.1

url:http://secunia.com/product/552/

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html

Trust: 0.1

url:http://secunia.com/product/876/

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html

Trust: 0.1

url:http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html

Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-14976 // BID: 89215 // PACKETSTORM: 41982 // PACKETSTORM: 41515 // PACKETSTORM: 41614 // PACKETSTORM: 41586 // PACKETSTORM: 41791 // PACKETSTORM: 41739 // PACKETSTORM: 41734 // NVD: CVE-2005-3768 // CNNVD: CNNVD-200511-338

CREDITS

Secunia

Trust: 0.7

sources: PACKETSTORM: 41982 // PACKETSTORM: 41515 // PACKETSTORM: 41614 // PACKETSTORM: 41586 // PACKETSTORM: 41791 // PACKETSTORM: 41739 // PACKETSTORM: 41734

SOURCES

db: CERT/CC // id: VU#226364
db: VULHUB // id: VHN-14976
db: BID // id: 89215
db: PACKETSTORM // id: 41982
db: PACKETSTORM // id: 41515
db: PACKETSTORM // id: 41614
db: PACKETSTORM // id: 41586
db: PACKETSTORM // id: 41791
db: PACKETSTORM // id: 41739
db: PACKETSTORM // id: 41734
db: NVD // id: CVE-2005-3768
db: CNNVD // id: CNNVD-200511-338

LAST UPDATE DATE

2023-12-18T10:59:11.793000+00:00


SOURCES UPDATE DATE

db: CERT/CC // id: VU#226364 // date: 2006-01-03T00:00:00
db: VULHUB // id: VHN-14976 // date: 2011-03-08T00:00:00
db: BID // id: 89215 // date: 2005-11-22T00:00:00
db: NVD // id: CVE-2005-3768 // date: 2011-03-08T02:27:06.437
db: CNNVD // id: CNNVD-200511-338 // date: 2005-11-29T00:00:00

SOURCES RELEASE DATE

db: CERT/CC // id: VU#226364 // date: 2005-11-17T00:00:00
db: VULHUB // id: VHN-14976 // date: 2005-11-23T00:00:00
db: BID // id: 89215 // date: 2005-11-22T00:00:00
db: PACKETSTORM // id: 41982 // date: 2005-12-01T18:48:38
db: PACKETSTORM // id: 41515 // date: 2005-11-15T06:02:23
db: PACKETSTORM // id: 41614 // date: 2005-11-19T21:56:12
db: PACKETSTORM // id: 41586 // date: 2005-11-19T21:56:12
db: PACKETSTORM // id: 41791 // date: 2005-11-30T04:03:08
db: PACKETSTORM // id: 41739 // date: 2005-11-22T18:19:46
db: PACKETSTORM // id: 41734 // date: 2005-11-22T18:19:46
db: NVD // id: CVE-2005-3768 // date: 2005-11-23T00:03:00
db: CNNVD // id: CNNVD-200511-338 // date: 2005-11-22T00:00:00