VARIoT IoT vulnerabilities database
| VAR-200511-0110 | CVE-2005-3666 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability.
TITLE:
IPsec-Tools ISAKMP IKE Message Processing Denial of Service
SECUNIA ADVISORY ID:
SA17668
VERIFY ADVISORY:
http://secunia.com/advisories/17668/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
IPsec-Tools 0.x
http://secunia.com/product/3352/
DESCRIPTION:
A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereferencing error
when processing certain ISAKMP packets in aggressive mode.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
SOLUTION:
Update to version 0.6.3.
http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adrian Portelli.
ORIGINAL ADVISORY:
http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0062 | CVE-2005-3733 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. Juniper's M, T, J and E series routers are all network router products developed by Juniper. The IKE protocol is implemented in the JUNOS and JUNOSe software. Testing of the IKE version 1 phase 1 ISAKMP test suite developed by the Oulu University Security Programming Group (OUSPG) revealed a vulnerability in the IKE protocol implementation in JUNOS and JUNOSe software. By sending specially crafted messages, vulnerable products may exhibit denial of service, format string vulnerabilities, and buffer overflows. In some cases, arbitrary code execution may also be possible.
TITLE:
IPsec-Tools ISAKMP IKE Message Processing Denial of Service
SECUNIA ADVISORY ID:
SA17668
VERIFY ADVISORY:
http://secunia.com/advisories/17668/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
IPsec-Tools 0.x
http://secunia.com/product/3352/
DESCRIPTION:
A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereferencing error
when processing certain ISAKMP packets in aggressive mode.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
SOLUTION:
Update to version 0.6.3.
http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adrian Portelli.
ORIGINAL ADVISORY:
http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0019 | CVE-2005-3673 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementation in Check Point products allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. Check Point Firewall-1 and VPN-1 are prone to denial of service attacks due to unspecified vulnerabilities in the IPSec implementation. The vulnerabilities may be triggered by malformed IKE traffic. Check Point is a network security product manufacturer.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0061 | CVE-2005-3732 | IPSec-Tools IKE Message Handling Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. IPsec-Tools is prone to a denial-of-service vulnerability. This issue is due to a failure in the application to handle exceptional conditions when in 'AGGRESSIVE' mode.
An attacker can exploit this issue to crash the application, thus denying service to legitimate users.
These vulnerabilities were discovered by, and may be reproduced by, the University of Oulu Secure Programming Group PROTOS IPSec Test Suite. ---------------------------------------------------------------------
Fedora Legacy Update Advisory
Synopsis: Updated ipsec-tools package fixes security issue
Advisory ID: FLSA:190941
Issue date: 2006-06-06
Product: Fedora Core
Keywords: Bugfix
CVE Names: CVE-2005-3732
---------------------------------------------------------------------
---------------------------------------------------------------------
1. Topic:
An updated ipsec-tools package that fixes a bug in racoon is now
available.
The ipsec-tools package is used in conjunction with the IPsec
functionality in the linux kernel and includes racoon, an IKEv1 keying
daemon.
2. Relevant releases/architectures:
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64
3. Problem description:
A denial of service flaw was found in the ipsec-tools racoon daemon. If
a victim's machine has racoon configured in a non-recommended insecure
manner, it is possible for a remote attacker to crash the racoon daemon.
(CVE-2005-3732)
Users of ipsec-tools should upgrade to this updated package, which
contains backported patches, and is not vulnerable to this issue.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which
are not installed but included in the list will not be updated. Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.
Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=190941
6. RPMs required:
Fedora Core 2:
SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/ipsec-tools-0.5-2.fc2.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/ipsec-tools-0.5-2.fc2.1.legacy.i386.rpm
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/ipsec-tools-0.5-2.fc3.1.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/ipsec-tools-0.5-2.fc3.1.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/ipsec-tools-0.5-2.fc3.1.legacy.x86_64.rpm
7. Verification:
SHA1 sum Package Name
---------------------------------------------------------------------
fc2:
e8f91c085fb9533106c6ebc442572bd0b22f2470
fedora/2/updates/i386/ipsec-tools-0.5-2.fc2.1.legacy.i386.rpm
292a0a1426bc75abf0b34a3c91279a40ea78aac2
fedora/2/updates/SRPMS/ipsec-tools-0.5-2.fc2.1.legacy.src.rpm
fc3:
e49b07bcc0e3dbe56401056b65b36133dabb4b6c
fedora/3/updates/i386/ipsec-tools-0.5-2.fc3.1.legacy.i386.rpm
10eed18767204b88c2811115d889c0a372079ec2
fedora/3/updates/x86_64/ipsec-tools-0.5-2.fc3.1.legacy.x86_64.rpm
0832eb1da62b597bc32b26ce9e8429d7e67f43d2
fedora/3/updates/SRPMS/ipsec-tools-0.5-2.fc3.1.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is
available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3732
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200512-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol
implementation
Date: December 12, 2005
Bugs: #112568, #113201
ID: 200512-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Openswan and IPsec-Tools suffer from an implementation flaw which may
allow a Denial of Service attack.
Background
==========
Openswan is an implementation of IPsec for Linux. IPsec is widely
used to secure exchange of packets at the IP layer and mostly used to
implement Virtual Private Networks (VPNs).
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/openswan < 2.4.4 >= 2.4.4
2 net-firewall/ipsec-tools < 0.6.3 >= 0.6.3
*>= 0.6.2-r1
*>= 0.4-r2
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
The Oulu University Secure Programming Group (OUSPG) discovered that
various ISAKMP implementations, including Openswan and racoon (included
in the IPsec-Tools package), behave in an anomalous way when they
receive and handle ISAKMP Phase 1 packets with invalid or abnormal
contents.
Workaround
==========
Avoid using "aggressive mode" in ISAKMP Phase 1, which exchanges
information between the sides before there is a secure channel.
Resolution
==========
All Openswan users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openswan-2.4.4"
All IPsec-Tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose net-firewall/ipsec-tools
References
==========
[ 1 ] CVE-2005-3671
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3671
[ 2 ] CVE-2005-3732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3732
[ 3 ] Original Advisory
http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200512-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
.
TITLE:
Nortel Switched Firewall ISAKMP IKE Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17608
VERIFY ADVISORY:
http://secunia.com/advisories/17608/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Nortel Switched Firewall 5000 Series
http://secunia.com/product/6126/
Nortel Switched Firewall 5100 Series
http://secunia.com/product/6125/
Nortel Switched Firewall 6000 Series
http://secunia.com/product/6124/
DESCRIPTION:
A vulnerability has been reported in Nortel Switched Firewall, which
potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
The vulnerability is caused due to unspecified errors in the
processing of IKEv1 Phase 1 protocol exchange messages. This may be
exploited to cause a DoS via specially crafted IKE packets.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
ORIGINAL ADVISORY:
Nortel Networks:
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=367651&RenditionID=
NISCC:
http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
The updated packages have been patched to correct this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3732
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
c1f74be6f3c46152881ded66022a3928 10.1/RPMS/ipsec-tools-0.2.5-2.2.101mdk.i586.rpm
c8416853386be9e80b5f8ac6de16cf93 10.1/RPMS/libipsec-tools0-0.2.5-2.2.101mdk.i586.rpm
278751ee3fca05321059c67f39f1a0f0 10.1/SRPMS/ipsec-tools-0.2.5-2.2.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
5d3d19d02d0d5a8eb5fcc237768fb07f x86_64/10.1/RPMS/ipsec-tools-0.2.5-2.2.101mdk.x86_64.rpm
464dadc90a736f6312a6c143c12a4cce x86_64/10.1/RPMS/lib64ipsec-tools0-0.2.5-2.2.101mdk.x86_64.rpm
278751ee3fca05321059c67f39f1a0f0 x86_64/10.1/SRPMS/ipsec-tools-0.2.5-2.2.101mdk.src.rpm
Mandriva Linux 10.2:
75b061a206ba4a943904d384e489036c 10.2/RPMS/ipsec-tools-0.5-4.2.102mdk.i586.rpm
3c17715ce5bd1e63347e844bca518fa3 10.2/RPMS/libipsec0-0.5-4.2.102mdk.i586.rpm
c221e9fbca14cc956df812605aa67b96 10.2/RPMS/libipsec0-devel-0.5-4.2.102mdk.i586.rpm
313ae7a9fd1eceb117515c61f19f0a2a 10.2/SRPMS/ipsec-tools-0.5-4.2.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
2de25a175eff7fbb77758993965110a5 x86_64/10.2/RPMS/ipsec-tools-0.5-4.2.102mdk.x86_64.rpm
ff5095c574441578b6e6e1c9384bf05c x86_64/10.2/RPMS/lib64ipsec0-0.5-4.2.102mdk.x86_64.rpm
db6e3f33dc2326528a4c22e199e2c0fa x86_64/10.2/RPMS/lib64ipsec0-devel-0.5-4.2.102mdk.x86_64.rpm
313ae7a9fd1eceb117515c61f19f0a2a x86_64/10.2/SRPMS/ipsec-tools-0.5-4.2.102mdk.src.rpm
Mandriva Linux 2006.0:
a3881692a4ee81a3e4759500691ba86d 2006.0/RPMS/ipsec-tools-0.5.2-5.1.20060mdk.i586.rpm
4523963e017054a149cc9c6c46e6fa39 2006.0/RPMS/libipsec0-0.5.2-5.1.20060mdk.i586.rpm
9208a98bc79efce31e8bf08c5a409431 2006.0/RPMS/libipsec0-devel-0.5.2-5.1.20060mdk.i586.rpm
390a8547034610a0ebd6a30f8752c36d 2006.0/SRPMS/ipsec-tools-0.5.2-5.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
89c02c5eebb80544fb54cf8876183d92 x86_64/2006.0/RPMS/ipsec-tools-0.5.2-5.1.20060mdk.x86_64.rpm
833ab780f0ef3eb86da1c2aa82746c72 x86_64/2006.0/RPMS/lib64ipsec0-0.5.2-5.1.20060mdk.x86_64.rpm
d875aeb7f90b36eba89ff2e2b901a3cc x86_64/2006.0/RPMS/lib64ipsec0-devel-0.5.2-5.1.20060mdk.x86_64.rpm
390a8547034610a0ebd6a30f8752c36d x86_64/2006.0/SRPMS/ipsec-tools-0.5.2-5.1.20060mdk.src.rpm
Multi Network Firewall 2.0:
3a441d674beb304f607975502cb2f302 mnf/2.0/RPMS/ipsec-tools-0.2.5-0.4.M20mdk.i586.rpm
109a0184382426bd065df6000f64189d mnf/2.0/RPMS/libipsec-tools0-0.2.5-0.4.M20mdk.i586.rpm
96dacbdb35121f2f876d1bb19cb00c24 mnf/2.0/SRPMS/ipsec-tools-0.2.5-0.4.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFD19iemqjQ0CJFipgRAp9rAKC7w5Jflg/c/KBy6kdNDiGF8YbgWQCeIbM4
LUncx0ejSC2hQ5/zFlDZKjg=
=qhPu
-----END PGP SIGNATURE-----
. ===========================================================
Ubuntu Security Notice USN-221-1 December 01, 2005
ipsec-tools vulnerability
CVE-2005-3732
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
racoon
The problem can be corrected by upgrading the affected package to
version 0.3.3-1ubuntu0.2 (for Ubuntu 4.10), 1:0.5-5ubuntu0.1 (for
Ubuntu 5.04), or 1:0.6-1ubuntu1.1 (for Ubuntu 5.10). In general, a
standard system upgrade is sufficient to effect the necessary changes. When the daemon
is configured to use aggressive mode, then it did not check whether
the peer sent all required payloads during the IKE negotiation phase.
A malicious IPsec peer could exploit this to crash the racoon daemon.
Please be aware that racoon is not officially supported by Ubuntu, the
package is in the 'universe' component of the archive.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2.diff.gz
Size/MD5: 191462 3f68d0eb625f920ef3ab5e4e1a2b942f
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2.dsc
Size/MD5: 705 8c92ea1c2b68e7e335892c10020bafc2
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3.orig.tar.gz
Size/MD5: 864122 b141da8ae299c8fdc53e536f6bbc3ad0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2_amd64.deb
Size/MD5: 106260 491ea714d329c5b0d6b8283c7579140f
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.2_amd64.deb
Size/MD5: 201510 7c3c1d31969a6924bfe0afbf6f56b468
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2_i386.deb
Size/MD5: 101224 5e35a5bfca069cf88d0d349ad86b3cf8
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.2_i386.deb
Size/MD5: 186400 0627a043d0f0ad1e05830d57c35666f2
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.3.3-1ubuntu0.2_powerpc.deb
Size/MD5: 108966 67f208c020df5f1194ab71a0569004f2
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.3.3-1ubuntu0.2_powerpc.deb
Size/MD5: 196078 2acd7c40b8a56db688fc8ac8484272da
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1.diff.gz
Size/MD5: 41200 47ee31ab5776589dd049a90f0437865b
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1.dsc
Size/MD5: 660 cad8e0faad2316aa0a65e28880548f58
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5.orig.tar.gz
Size/MD5: 883484 57de611b23eb141173698478e9b64474
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1_amd64.deb
Size/MD5: 80430 47b366f44e0c8fb49ea43500161a6419
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.5-5ubuntu0.1_amd64.deb
Size/MD5: 301450 9fd3f818fc41641ed0e691f69b23c441
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1_i386.deb
Size/MD5: 75606 390fe7eb94e2e519bef1a0df6b6d46b5
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.5-5ubuntu0.1_i386.deb
Size/MD5: 276974 baef582ea75ecaf240298d2917b79fac
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.5-5ubuntu0.1_powerpc.deb
Size/MD5: 83030 7880cae89438386a5b9f676760eff1be
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.5-5ubuntu0.1_powerpc.deb
Size/MD5: 296838 f417446dce53652608242e1798663622
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1.diff.gz
Size/MD5: 49677 79084ce144e4b54267f69876d8104387
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1.dsc
Size/MD5: 685 c22deb12d9a0943e3a66aad1a83c3857
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6.orig.tar.gz
Size/MD5: 905983 2cd85d36012b4d2c6947f7c17ad45b3e
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1_amd64.deb
Size/MD5: 85086 e894b1b0168138fdb46d0c55095252bf
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.6-1ubuntu1.1_amd64.deb
Size/MD5: 326258 1e7da4aa300a082cdf8034639de4f0a0
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1_i386.deb
Size/MD5: 78912 b46dd5373458dd5500b2513edc6ceec8
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.6-1ubuntu1.1_i386.deb
Size/MD5: 298016 5df2e64e0ac064876aa21d29c086f902
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/i/ipsec-tools/ipsec-tools_0.6-1ubuntu1.1_powerpc.deb
Size/MD5: 86902 c7c905f335db1bae382af11fe659d335
http://security.ubuntu.com/ubuntu/pool/universe/i/ipsec-tools/racoon_0.6-1ubuntu1.1_powerpc.deb
Size/MD5: 319518 1a7abc7fd9645d47d045f63d9f980528
| VAR-200512-0678 | CVE-2005-4570 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
TITLE:
IPsec-Tools ISAKMP IKE Message Processing Denial of Service
SECUNIA ADVISORY ID:
SA17668
VERIFY ADVISORY:
http://secunia.com/advisories/17668/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
IPsec-Tools 0.x
http://secunia.com/product/3352/
DESCRIPTION:
A vulnerability has been reported in IPsec-Tools, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a NULL pointer dereferencing error
when processing certain ISAKMP packets in aggressive mode.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
SOLUTION:
Update to version 0.6.3.
http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adrian Portelli.
ORIGINAL ADVISORY:
http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0314 | CVE-2005-3804 | Cisco 7920 wireless IP Phone open UDP Port vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. The Cisco 7920 wireless IP phone can provide Voice Over IP services over an IEEE 802.11b Wi-Fi network, which is similar to a cordless phone.
1) The SNMP service that runs on the IP phone uses fixed read-only
and read-write community strings of "public" and "private", which
cannot be changed by the user. This can be exploited to retrieve and
modify the device configuration, including stored user data such as
phone book entries by sending SNMP GetRequest or SetRequest to
phone.
SOLUTION:
Apply firmware update.
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0099 | CVE-2005-3715 | Senao SI-680H VOIP WIFI phone VxWorks Remote debugger access vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service. Senao SI-680H and SI-7800H VOIP WIFI Phone allows remote debugger connections. Successful exploitation of this vulnerability could allow a remote attacker to obtain debugging information from the device or cause a denial of service.
Senao SI-680H VOIP WIFI Phones running firmware version 0.03.0839, and Sanao SI-7800H running firmware version 0.03.0001 are prone to this issue. Other versions may also be vulnerable. Senao SI-680H is a wireless phone.
SOLUTION:
Restrict use to within trusted networks only.
PROVIDED AND/OR DISCOVERED BY:
Shawn Merdinger
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038836.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0512 | No CVE | CNVD-2005-4020 |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
The Cisco 7920 Wireless IP Phone is a VOIP-enabled phone system. The Cisco 7920 Wireless IP Phone allows remote debugging of connections, and remote attackers can exploit the vulnerability to obtain debugging information for the device or cause a denial of service attack. The Cisco 7920 Wireless IP Phone listens on UDP port 17185 for remote VxWorks debugging. The port allows remote users to collect debugging information or perform denial of service attacks
| VAR-200511-0513 | No CVE | Hitachi WirelessIP 5000+ unauthorized access vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The WirelessIP5000 developed by Hitachi Cable is an open wireless IP phone that complies with the VoIP standard communication protocol SIP.
There are multiple security vulnerabilities in WirelessIP5000, as follows:
(a) The existence of an undocumented open port TCP / 3390 in the WirelessIP5000 phone may allow remote unauthenticated attackers to access sensitive information and may cause a denial of service;
(b) A vulnerability in the WirelessIP5000 phone could allow remote attackers to change device configuration using SNMP;
(c) The default configuration of the WirelessIP5000 phone HTTP server requires no credentials to authenticate, so remote attackers can perform management functions without authentication;
(d) WirelessIP5000 phone HTTP server may leak sensitive information;
(e) There is a default management password in the WirelessIP5000 phone. An attacker who knows this password can take complete control of the device.
| VAR-200511-0514 | No CVE | Nortel Switched Firewall IKE Communication Multiple Security Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Nortel's Switched Firewall is a small, rack-mounted firewall appliance that leverages unique accelerator technology and Check Point FW-1 NG software to protect high-traffic IT data centers, service provider networks, and hosting infrastructure. Multiple Nortel Switched Firewall products have vulnerabilities in handling IPSec IKE messages, which may be exploited by remote attackers to execute arbitrary commands on the host or cause a denial of service. IPSec's PROTOS test component tests the design limitations of IPSec implementation by sending malformed IKE messages to the target device. If a specific malformed message is received, a vulnerable firewall may refuse the service or execute arbitrary code. Nortel Switched Firewall is prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic
| VAR-200511-0313 | CVE-2005-3803 | Cisco 7920 wireless IP Fixed phone SNMP Community string vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. This could allow remote attackers to retrieve and modify the device configuration.
Cisco 7920 Wireless IP Phones running firmware version 1.0(8) and earlier are vulnerable to this issue. This can be exploited to retrieve and
modify the device configuration, including stored user data such as
phone book entries by sending SNMP GetRequest or SetRequest to
phone.
2) The IP phone listens on port 17185/udp to allow connections from
the VxWorks debugger. This may be exploit to collect debugging
information or to cause a DoS on the device.
SOLUTION:
Apply firmware update.
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0016 | CVE-2005-3670 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ I SAKMP (Internet Security Association and Key Management Protocol) Authentication, key management, and SA (security association) of 3 A collective term for multiple protocols. ISAKMP Derived from IKE Is IPSec Key exchange protocol for encrypted communication. In many environments IKEv1 Is used. IKE Communication by phase 1 And phase 2 Divided into phases 1 Then establish a secure communication path, ISAKMP SA Called IKE Exchange own messages. In multiple products ISAKMP/IKE Implementation is illegal ISAKMP Phase 1 There is a problem that causes abnormal behavior when receiving this packet because there is a flaw in the processing of the packet. IKE When a deliberately created packet is sent by a remote attacker with specific information for communication by ISAKMP Services or devices that implement the may be in a service outage.Please refer to the “Overview” for the impact of this vulnerability. HP-UX is prone to denial of service vulnerabilities. These issues are due to security flaws in HP's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.
This issue was discovered with the PROTOS ISAKMP Test Suite and is related to the handling of malformed IKEv1 traffic.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200512-0674 | CVE-2005-4566 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
ADTRAN OS 10.03.03.E is available to address these issues.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
The vulnerabilities have been reported in ADTRAN OS-based NetVanta
products that has the IPSec VPN functionality (Enhanced Feature Pack
software) installed.
The fix will also be included in the official release of ADTRAN OS
10.04.00.E.
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200512-0673 | CVE-2005-4565 | ADTRAN NetVanta Products IKE Traffic Multiple Unspecified Vulnerabilities |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
ADTRAN OS 10.03.03.E is available to address these issues.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
The vulnerabilities have been reported in ADTRAN OS-based NetVanta
products that has the IPSec VPN functionality (Enhanced Feature Pack
software) installed.
The fix will also be included in the official release of ADTRAN OS
10.04.00.E.
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200512-0672 | CVE-2005-4564 | ADTRAN NetVanta Products IKE Traffic Multiple Unspecified Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Certain ADTRAN NetVanta products are prone to multiple unspecified vulnerabilities in IKEv1.
Some of the issues could potentially allow for remote code execution and complete compromise of affected devices. This has not been confirmed.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic.
ADTRAN OS 10.03.03.E is available to address these issues.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
The vulnerabilities have been reported in ADTRAN OS-based NetVanta
products that has the IPSec VPN functionality (Enhanced Feature Pack
software) installed.
The fix will also be included in the official release of ADTRAN OS
10.04.00.E.
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0288 | CVE-2005-3768 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Gateway Security 400 is prone to a denial-of-service vulnerability.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0162 | CVE-2005-3915 | Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.
For more information:
SA17553
Several other bugs have also been fixed in this update.
The vulnerability is caused due to errors in the processing of IKEv1
Phase 1 protocol exchange messages. This can be exploited to cause a
DoS.
* Cisco IOS versions based on 12.2SXD, 12.3T, 12.4 and 12.4T
* Cisco PIX Firewall versions up to but not including 6.3(5)
* Cisco PIX Firewall/ASA versions up to but not including 7.0.1.4
* Cisco Firewall Services Module (FWSM) versions up to but not
including 2.3(3)
* Cisco VPN 3000 Series Concentrators versions up to but not
including 4.1(7)H and 4.7(2)B
* Cisco MDS Series SanOS versions up to but not including 2.1(2)
Note: For Cisco IOS, only images that contain the Crypto Feature Set
are vulnerable.
SOLUTION:
See patch matrix in vendor advisory for information about fixes.
http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software
PROVIDED AND/OR DISCOVERED BY:
Oulu University Secure Programming Group (OUSPG) .
For more information:
SA17553
Successful exploitation reportedly requires that the attacker is able
to perform a full IKE negotiation with the affected system and
requires authentication.
* VPN-1/Firewall-1 NG with AI R54 prior to HFA_417.
* VPN-1/Firewall-1 NG with AI R55 prior to HFA_16.
* VPN-1/Firewall-1 NG with AI R55W prior to HFA_04.
* VPN-1/Firewall-1 NG with AI R55P prior to HFA_06.
* VPN-1 Pro NGX R60 prior to HFA_01.
* Check Point Express CI R57.
* Firewall-1 GX 3.0.
SOLUTION:
Install the latest HFA (HotFix Accumulator).
Note: A fix will reportedly not be released for NG FP3. The vendor
recommends upgrading to a recent version, and to the most recent HFA
of this version.
The vendor reportedly will release hotfixes for Check Point Express
CI and Firewall-1 GX 3.0 at a later date.
The vulnerability is related to:
SA17553
SOLUTION:
Refer to the original advisory from Nortel Networks for instructions
how to apply fixes.
The vulnerability is related to:
SA17553
Successful exploitation requires a weak racoon configuration (e.g. no
lifetime proposal or obey mode), and using 3DES/SHA1/DH2.
TITLE:
Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of
Service
SECUNIA ADVISORY ID:
SA17684
VERIFY ADVISORY:
http://secunia.com/advisories/17684/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 400 Series
http://secunia.com/product/6175/
Symantec Gateway Security 300 Series
http://secunia.com/product/6176/
Symantec Gateway Security 3.x
http://secunia.com/product/6177/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/
SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
DESCRIPTION:
Symantec has acknowledged a vulnerability in various Symantec
products, which can be exploited by malicious people to cause a DoS
(Denial of Service).
For more information:
SA17553
Successful exploitation causes a DoS of the dynamic VPN services.
The vulnerability has been reported in the following products.
* Symantec Enterprise Firewall version 8.0 (Windows)
* Symantec Enterprise Firewall version 8.0 (Solaris)
* Symantec Gateway Security 5000 Series version 3.0
* Symantec Gateway Security 5400 version 2.0.1
* Symantec Gateway Security 5310 version 1.0
* Symantec Gateway Security 5200/5300 version 1.0
* Symantec Gateway Security 5100
* Symantec Gateway Security 400 version 2.0
* Symantec Gateway Security 300 version 2.0
* Symantec Firewall /VPN Appliance 200/200R
* Symantec Firewall /VPN Appliance 100
SOLUTION:
Apply hotfixes.
Symantec Enterprise Firewall version 8.0 (Windows):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html
Symantec Enterprise Firewall version 8.0 (Solaris):
Apply SEF8.0-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html
Symantec Gateway Security 5000 Series version 3.0:
Apply SGS3.0-2005114-02.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html
Symantec Gateway Security 5400 version 2.0.1:
Apply SGS2.0.1-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html
Symantec Gateway Security 5310 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html
Symantec Gateway Security 5200/5300 version 1.0:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html
Symantec Gateway Security 5100:
Apply SG7004-20051114-00.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html
Symantec Gateway Security 400 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html
Symantec Gateway Security 300 version 2.0:
Update to build 1103.
http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html
Symantec Firewall /VPN Appliance 200/200R:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html
Symantec Firewall /VPN Appliance 100:
Update to build 1.8F.
http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html
OTHER REFERENCES:
SA17553:
http://secunia.com/advisories/17553/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0302 | CVE-2005-3792 | PHPNuke Search Module SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demonstrated via the query parameter in a stories type. PHPNuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. phpnuke is an open source website building program.
TITLE:
PHP-Nuke "query" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA17543
VERIFY ADVISORY:
http://secunia.com/advisories/17543/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data
WHERE:
>From remote
SOFTWARE:
PHP-Nuke 7.x
http://secunia.com/product/2385/
DESCRIPTION:
sp3x has discovered a vulnerability in PHP-Nuke, which can be
exploited by malicious people to conduct SQL injection attacks. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability has been confirmed in version 7.8. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
sp3x
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0312 | CVE-2005-3802 | Belkin Wireless Router Remote Authentication Bypass Vulnerability |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. Certain Belkin wireless routers are susceptible to a remote authentication bypass vulnerability. This issue is due to a flaw in the Web administration interface authentication process.
This issue allows remote attackers to gain administrative access to affected devices.
Belkin F5D7232-4, and F5D7230-4 routers with firmware versions 4.05.03 and 4.03.03 are affected by this issue. Other devices may also be affected due to code reuse among devices. Belkin Corporation is a manufacturer of peripheral electronic products, and F5D7232-4 and F5D7230-4 are wireless routers produced by it.
TITLE:
Belkin Wireless G Router Web Management Authentication Bypass
SECUNIA ADVISORY ID:
SA17601
VERIFY ADVISORY:
http://secunia.com/advisories/17601/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Belkin Wireless G Router
http://secunia.com/product/6130/
DESCRIPTION:
Andrei Mikhailovsky has reported a vulnerability in Belkin Wireless G
Router, which can be exploited by malicious people to bypass certain
security restrictions.
The vulnerability is caused due to an access control error in the
router's web-based management page.
The vulnerability has been reported in models F5D7230-4 and F5D7232-4
using the latest firmware 4.03.03 and 4.05.03.
SOLUTION:
Restrict access to the web-based management page.
PROVIDED AND/OR DISCOVERED BY:
Andrei Mikhailovsky, Arhont Ltd.
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-200511-0298 | CVE-2005-3788 | Cisco Adaptive Security Applicance Failover denial of service vulnerability |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attackers to cause a denial of service (standby firewall failure) by sending spoofed ARP responses from an IP address of an active firewall, which prevents the standby firewall from becoming active, aka "failover denial of service.". Cisco Adaptive Security Appliances are prone to a weakness that may cause a denial of service condition in certain circumstances. This issue is due to insufficient validation of ARP responses.
This issue reportedly affects Cisco ASA devices running 7.0(0), 7.0(2), and 7.0(4). Other versions may also be affected. The Cisco ASA Series Adaptive Security Appliances are Cisco's purpose-designed solutions that combine the highest security and VPN services with a new Adaptive Identification and Defense (AIM) architecture. Whether the firewall is alive, but not authenticating the response to the request.
The weakness is caused due to the ASA failover testing algorithm
failing to properly identify that the active firewall has failed. This can be exploited to prevent
the standby firewall from activating via spoofed ARP responses. The
failover may also fail to happen if there is another device with the
same IP address as the active firewall on the same network subnet.
The weakness has been reported in ASA running 7.0(0), 7.0(2), and
7.0(4).
SOLUTION:
The vendor recommends that port security should be configured for all
switch ports in the same VLANs as the active and standby firewalls
enabled interfaces to prevent an attacker from spoofing the active
firewall's interface MAC address.
The firewall log should also be monitored for any IP address
collisions.
PROVIDED AND/OR DISCOVERED BY:
Amin Tora, ePlus Security Team.
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------