{"vuid":"VU#432097","idnumber":"432097","name":"Novell Bordermanager VPN Service denial-of-service vulnerability","keywords":["Striker","Novell","Bordermanager","IKE.NLM","abend"],"overview":"A vulnerability exists in the Novell Bordermanager VPN service that could allow a remote attacker to cause a denial of service.","clean_desc":"The Novell Bordermanager product includes Virtual Private Network (VPN) capabilities, including support for the standard Internet Key Exchange (IKE) protocol. A flaw exists in the way the VPN service handles certain malformed IKE packets. This flaw creates a remotely exploitable denial of service vulnerability that could cause an affected device to crash. The specific nature of the IKE packet malformation exploiting the vulnerability is unknown.","impact":"A remote attacker with the ability to craft malformed IKE packets could cause an \"abnormal ending\" (abend) in the IKE.NLM module. This condition creates a denial of service on the server and causes clients previously connected to the server to hang.","resolution":"Apply a patch from the vendor Patches are available to address this issue. Please see the Systems Affected section of this document for more information.","workarounds":"","sysaffected":"","thanks":"Thanks to the \nNovell\n product security team for reporting this vulnerability. This vulnerability was discovered using the Striker test suite from \nRapid7","author":"This document was written by Chad R Dougherty.","public":[],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-08-20T17:58:48Z","publicdate":"2004-07-12T00:00:00Z","datefirstpublished":"2004-08-25T13:56:28Z","dateupdated":"2004-08-25T13:56:31Z","revision":16,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"11","cam_impact":"8","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"7.425","cam_scorecurrentwidelyknown":"9.28125","cam_scorecurrentwidelyknownexploited":"16.70625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.425,"vulnote":null}