{"vuid":"VU#226364","idnumber":"226364","name":"Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations","keywords":["ISAKMP","vulnerability","IKE","IPSec"],"overview":"Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner.","clean_desc":"The U.K. National Infrastructure Security Co-ordination Center (NISCC) and CERT-FI have reported numerous vulnerabilities in IKEv1 implementations. The IKE protocol (RFC 2409) operates within the framework of the Internet Security Association (SA) and Key Management Protocol (ISAKMP, RFC 2408) and provides a way for nodes to authenticate each other and exchange keying material that is used to establish secure network services. IKE is commonly used by IPSec-based VPNs. The IKE negotiation process consists of two phases. Phase 1 establishes an ISAKMP SA. Phase 2 is used to create SAs for other security protocols. These vulnerabilities were discovered using the PROTOS Test Tool developed by Oulu University Secure Programming Group (OUSPG). The results of the tests are described in NISCC Vulnerability Advisory 273756/NISCC/ISAKMP. According to that advisory, many IKEv1 implementations contain buffer overflow, format string, and other unspecified vulnerabilities in phase 1 of IKEv1. Exploitation of these vulnerabilities may allow a remote attacker to compromise a system's security.","impact":"These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, gain access to sensitive information, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. In addition, many of these vulnerabilities may be exploited remotely by sending a specially crafted packet to a vulnerable IKEv1 installation.","resolution":"Apply a patch from an affected product vendor","workarounds":"","sysaffected":"","thanks":"These vulnerabilities were reported by NISCC and CERT-FI","author":"This document was written by Jeff Gennari.","public":["http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp","http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm","http://www.auscert.org.au/5748","http://jvn.jp/niscc/NISCC-273756/index.html","http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en","http://secunia.com/advisories/17608/","http://secunia.com/advisories/17621/","http://secunia.com/advisories/17553/","http://secunia.com/advisories/17684/","http://secunia.com/advisories/17668/","http://secunia.com/advisories/17663/","http://secunia.com/advisories/17838/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-11-11T15:14:46Z","publicdate":"2005-11-14T00:00:00Z","datefirstpublished":"2005-11-17T17:31:57Z","dateupdated":"2006-01-03T15:39:39Z","revision":43,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"6","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"14","cam_attackeraccessrequired":"10","cam_scorecurrent":"16.5375","cam_scorecurrentwidelyknown":"20.475","cam_scorecurrentwidelyknownexploited":"36.225","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":16.5375,"vulnote":null}