ID

VAR-200212-0850


CVE

CVE-2002-2223


TITLE

Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets

Trust: 0.8

sources: CERT/CC: VU#287771

DESCRIPTION

Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.

Internet Key Exchange (IKE) implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system.

This is reported to cause the daemon to crash. This issue may be related to the multiple IKE implementation vulnerabilities described in CERT/CC Vulnerability Note VU#287771. Other vendor products are reported to be affected by similar issues.

There are currently not enough details available to determine if PGPFreeware is affected by any of these specific issues. This issue was reported in PGPFreeware 7.03 running on Windows NT 4.0 SP6.

The Cisco VPN Client is prone to a remotely exploitable buffer overflow condition. It is possible to trigger this condition by sending malformed IKE packets to the client. The overflow occurs when the Security Parameter Index payload of the IKE packet is longer than 16 bytes. It is possible that exploitation of this vulnerability may affect availability of the client, resulting in a denial of service condition. This issue is reported to be exploitable when the client software is operating in Aggressive Mode during a phase 1 IKE exchange. This vulnerability affects versions of the client on all platforms. When vulnerable clients receive a specific IKE packet with a zero length payload, the VPN client will consume all available processor time.

Link: http://www.netscreen.com/support/alerts/9_6_02.htm

Trust: 3.33

sources: NVD: CVE-2002-2223 // CERT/CC: VU#287771 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440 // VULHUB: VHN-6606

AFFECTED PRODUCTS

vendor: juniper, model: netscreen remote vpn client, scope: eq, version: 8.0

Trust: 1.6

vendor: juniper, model: netscreen remote security client, scope: eq, version: 8.0

Trust: 1.6

vendor: cisco, model: vpn client for windows, scope: eq, version: 3.5.1

Trust: 0.9

vendor: cisco, model: vpn client for solaris, scope: eq, version: 3.5.2

Trust: 0.9

vendor: cisco, model: vpn client for solaris, scope: eq, version: 3.5.1

Trust: 0.9

vendor: cisco, model: vpn client for mac os, scope: eq, version: x3.5.2

Trust: 0.9

vendor: cisco, model: vpn client for mac os, scope: eq, version: x3.5.1

Trust: 0.9

vendor: cisco, model: vpn client for linux, scope: eq, version: 3.5.2

Trust: 0.9

vendor: cisco, model: vpn client for linux, scope: eq, version: 3.5.1

Trust: 0.9

vendor: cisco, model: vpn client for windows, scope: ne, version: 3.6

Trust: 0.9

vendor: cisco, model: vpn client for solaris, scope: ne, version: 3.6

Trust: 0.9

vendor: cisco, model: vpn client for mac os, scope: ne, version: x3.6

Trust: 0.9

vendor: cisco, model: vpn client for linux, scope: ne, version: 3.6

Trust: 0.9

vendor: cisco, model: -, scope: -, version: -

Trust: 0.8

vendor: netscreen, model: -, scope: -, version: -

Trust: 0.8

vendor: network associates, model: -, scope: -, version: -

Trust: 0.8

vendor: openbsd, model: -, scope: -, version: -

Trust: 0.8

vendor: pgp, model: -, scope: -, version: -

Trust: 0.8

vendor: safenet, model: -, scope: -, version: -

Trust: 0.8

vendor: sonicwall, model: -, scope: -, version: -

Trust: 0.8

vendor: cisco, model: vpn client for windows, scope: eq, version: 3.5.2

Trust: 0.6

vendor: openbsd, model: openbsd, scope: eq, version: 3.1

Trust: 0.3

vendor: openbsd, model: openbsd, scope: eq, version: 3.0

Trust: 0.3

vendor: netscreen, model: netscreen-remote vpn client, scope: eq, version: 8.0

Trust: 0.3

vendor: netscreen, model: netscreen-remote security client, scope: eq, version: 8.0

Trust: 0.3

vendor: netscreen, model: netscreen-remote vpn client, scope: ne, version: 8.1

Trust: 0.3

vendor: netscreen, model: netscreen-remote security client, scope: ne, version: 8.1

Trust: 0.3

vendor: network, model: associates pgp freeware, scope: eq, version: 7.0.3

Trust: 0.3

sources: CERT/CC: VU#287771 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440 // CNNVD: CNNVD-200212-370 // NVD: CVE-2002-2223

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-2223
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#287771
value: 1.03

Trust: 0.8

CNNVD: CNNVD-200212-370
value: MEDIUM

Trust: 0.6

VULHUB: VHN-6606
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-2223
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-6606
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#287771 // VULHUB: VHN-6606 // CNNVD: CNNVD-200212-370 // NVD: CVE-2002-2223

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2223

THREAT TYPE

network

Trust: 1.8

sources: BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440

TYPE

Boundary Condition Error

Trust: 1.8

sources: BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // CNNVD: CNNVD-200212-370

EXTERNAL IDS

db: CERT/CC, id: VU#287771

Trust: 4.0

db: BID, id: 5668

Trust: 2.8

db: NVD, id: CVE-2002-2223

Trust: 1.7

db: BID, id: 5440

Trust: 1.1

db: BID, id: 5449

Trust: 1.1

db: BID, id: 5443

Trust: 1.1

db: BID, id: 5441

Trust: 1.1

db: CNNVD, id: CNNVD-200212-370

Trust: 0.7

db: XF, id: 9850

Trust: 0.6

db: NSFOCUS, id: 3476

Trust: 0.6

db: BID, id: 5589

Trust: 0.3

db: VULHUB, id: VHN-6606

Trust: 0.1

sources: CERT/CC: VU#287771 // VULHUB: VHN-6606 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440 // CNNVD: CNNVD-200212-370 // NVD: CVE-2002-2223

REFERENCES

url:http://www.kb.cert.org/vuls/id/287771

Trust: 3.2

url:http://www.securityfocus.com/bid/5668

Trust: 2.5

url:http://www.netscreen.com/support/alerts/9_6_02.htm

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/9850

Trust: 1.1

url:http://www.ietf.org/html.charters/ipsec-charter.html

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2408.txt

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2409.txt

Trust: 0.8

url:http://www.ietf.org/rfc/rfc2412.txt

Trust: 0.8

url:http://www.vpnc.org/

Trust: 0.8

url:http://online.securityfocus.com/bid/5440

Trust: 0.8

url:http://online.securityfocus.com/bid/5441

Trust: 0.8

url:http://online.securityfocus.com/bid/5443

Trust: 0.8

url:http://www.securityfocus.com/bid/5449

Trust: 0.8

url:http://ikecrack.sourceforge.net/

Trust: 0.8

url:http://www.nta-monitor.com/ike-scan/

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/9850

Trust: 0.6

url:http://www.nsfocus.net/vulndb/3476

Trust: 0.6

url:http://www.openbsd.org/errata.html#isakmpd

Trust: 0.3

sources: CERT/CC: VU#287771 // VULHUB: VHN-6606 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440 // CNNVD: CNNVD-200212-370 // NVD: CVE-2002-2223

CREDITS

Published in a Cisco Security Advisory. CERT/CC credits Anton Rager of Avaya Communications with discovery.

Trust: 0.9

sources: BID: 5441 // BID: 5443 // BID: 5440

SOURCES

db: CERT/CC, id: VU#287771
db: VULHUB, id: VHN-6606
db: BID, id: 5589
db: BID, id: 5668
db: BID, id: 5449
db: BID, id: 5441
db: BID, id: 5443
db: BID, id: 5440
db: CNNVD, id: CNNVD-200212-370
db: NVD, id: CVE-2002-2223

LAST UPDATE DATE

2024-08-14T12:19:45.117000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#287771, date: 2004-02-09T00:00:00
db: VULHUB, id: VHN-6606, date: 2017-07-29T00:00:00
db: BID, id: 5589, date: 2002-07-05T00:00:00
db: BID, id: 5668, date: 2002-09-07T00:00:00
db: BID, id: 5449, date: 2002-08-12T00:00:00
db: BID, id: 5441, date: 2002-08-12T00:00:00
db: BID, id: 5443, date: 2002-08-12T00:00:00
db: BID, id: 5440, date: 2002-08-12T00:00:00
db: CNNVD, id: CNNVD-200212-370, date: 2007-02-28T00:00:00
db: NVD, id: CVE-2002-2223, date: 2017-07-29T01:29:00.747

SOURCES RELEASE DATE

db: CERT/CC, id: VU#287771, date: 2002-08-12T00:00:00
db: VULHUB, id: VHN-6606, date: 2002-12-31T00:00:00
db: BID, id: 5589, date: 2002-07-05T00:00:00
db: BID, id: 5668, date: 2002-09-07T00:00:00
db: BID, id: 5449, date: 2002-08-12T00:00:00
db: BID, id: 5441, date: 2002-08-12T00:00:00
db: BID, id: 5443, date: 2002-08-12T00:00:00
db: BID, id: 5440, date: 2002-08-12T00:00:00
db: CNNVD, id: CNNVD-200212-370, date: 2002-09-07T00:00:00
db: NVD, id: CVE-2002-2223, date: 2002-12-31T05:00:00