Details of VAR-200312-0020

ID

VAR-200312-0020

CVE

CVE-2003-1320

TITLE

Multiple vendors' Internet Key Exchange (IKE) implementations do not properly handle IKE response packets

Trust: 0.8

sources: CERT/CC: VU#287771

DESCRIPTION

SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload. Internet Key Exchange (IKE) implementations from several vendors contain buffer overflows and denial-of-service conditions. The buffer overflow vulnerabilities could permit an attacker to execute arbitrary code on a vulnerable system. SonicWALL Firmware is prone to a denial-of-service vulnerability. This is reported to cause the daemon to crash. This issue may be related to the multiple IKE implementation vulnerabilities described in CERT/CC Vulnerability Note VU#287771. Other vendor products are reported to be affected by similar issues. There are currently not enough details available to determine if PGPFreeware is affected by any of these specific issues. This issue was reported in PGPFreeware 7.03 running on Windows NT 4.0 SP6. The Cisco VPN Client is prone to a remotely exploitable buffer overflow condition. It is possible to trigger this condition by sending malformed IKE packets to the client. The overflow occurs when the Security Parameter Index payload of the IKE packet is longer than 16 bytes in length. It is possible that exploitation of this vulnerability may affect availability of the client, resulting in a denial of service condition. This issue is reported to be exploitable when the client software is operating in Aggressive Mode during a phase 1 IKE exchange. This vulnerability affects versions of the client on all platforms. When vulnerable clients receive a specific IKE packet with a zero length payload, the VPN client will consume all available processor time. Previous versions of SonicWALL firmware were vulnerable

Trust: 3.6

sources: NVD: CVE-2003-1320 // CERT/CC: VU#287771 // BID: 78313 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440 // VULHUB: VHN-8145

AFFECTED PRODUCTS

vendor:	sonicwall	model:	-	scope:	lte	version:	6.4.0.1	Trust: 1.0
vendor:	sonicwall	model:	-	scope:	eq	version:	6.4.0.1	Trust: 0.9
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.1	Trust: 0.9
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.2	Trust: 0.9
vendor:	cisco	model:	vpn client for solaris	scope:	eq	version:	3.5.1	Trust: 0.9
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.2	Trust: 0.9
vendor:	cisco	model:	vpn client for mac os	scope:	eq	version:	x3.5.1	Trust: 0.9
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.2	Trust: 0.9
vendor:	cisco	model:	vpn client for linux	scope:	eq	version:	3.5.1	Trust: 0.9
vendor:	cisco	model:	vpn client for windows	scope:	ne	version:	3.6	Trust: 0.9
vendor:	cisco	model:	vpn client for solaris	scope:	ne	version:	3.6	Trust: 0.9
vendor:	cisco	model:	vpn client for mac os	scope:	ne	version:	x3.6	Trust: 0.9
vendor:	cisco	model:	vpn client for linux	scope:	ne	version:	3.6	Trust: 0.9
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netscreen	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	network associates	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openbsd	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	pgp	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	safenet	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	vpn client for windows	scope:	eq	version:	3.5.2	Trust: 0.6
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.1	Trust: 0.3
vendor:	openbsd	model:	openbsd	scope:	eq	version:	3.0	Trust: 0.3
vendor:	netscreen	model:	netscreen-remote vpn client	scope:	eq	version:	8.0	Trust: 0.3
vendor:	netscreen	model:	netscreen-remote security client	scope:	eq	version:	8.0	Trust: 0.3
vendor:	netscreen	model:	netscreen-remote vpn client	scope:	ne	version:	8.1	Trust: 0.3
vendor:	netscreen	model:	netscreen-remote security client	scope:	ne	version:	8.1	Trust: 0.3
vendor:	network	model:	associates pgp freeware	scope:	eq	version:	7.0.3	Trust: 0.3

sources: CERT/CC: VU#287771 // BID: 78313 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440 // CNNVD: CNNVD-200312-168 // NVD: CVE-2003-1320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1320
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#287771
value:	1.03
Trust: 0.8
CNNVD:	CNNVD-200312-168
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8145
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1320
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8145
severity:	MEDIUM
baseScore:	5.1
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	4.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#287771 // VULHUB: VHN-8145 // CNNVD: CNNVD-200312-168 // NVD: CVE-2003-1320

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.1

sources: VULHUB: VHN-8145 // NVD: CVE-2003-1320

THREAT TYPE

network

Trust: 2.1

sources: BID: 78313 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440

TYPE

Boundary Condition Error

Trust: 1.2

sources: BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443

EXTERNAL IDS

db:	CERT/CC	id:	VU#287771	Trust: 4.3
db:	NVD	id:	CVE-2003-1320	Trust: 2.0
db:	BID	id:	5440	Trust: 1.1
db:	BID	id:	5668	Trust: 1.1
db:	BID	id:	5449	Trust: 1.1
db:	BID	id:	5443	Trust: 1.1
db:	BID	id:	5441	Trust: 1.1
db:	CNNVD	id:	CNNVD-200312-168	Trust: 0.6
db:	BID	id:	78313	Trust: 0.4
db:	BID	id:	5589	Trust: 0.3
db:	VULHUB	id:	VHN-8145	Trust: 0.1

sources: CERT/CC: VU#287771 // VULHUB: VHN-8145 // BID: 78313 // BID: 5589 // BID: 5668 // BID: 5449 // BID: 5441 // BID: 5443 // BID: 5440 // CNNVD: CNNVD-200312-168 // NVD: CVE-2003-1320

REFERENCES

url:	http://www.kb.cert.org/vuls/id/287771	Trust: 3.5
url:	http://www.kb.cert.org/vuls/id/aamn-5l74vd	Trust: 2.0
url:	http://www.ietf.org/html.charters/ipsec-charter.html	Trust: 0.8
url:	http://www.ietf.org/rfc/rfc2408.txt	Trust: 0.8
url:	http://www.ietf.org/rfc/rfc2409.txt	Trust: 0.8
url:	http://www.ietf.org/rfc/rfc2412.txt	Trust: 0.8
url:	http://www.vpnc.org/	Trust: 0.8
url:	http://online.securityfocus.com/bid/5440	Trust: 0.8
url:	http://online.securityfocus.com/bid/5441	Trust: 0.8
url:	http://online.securityfocus.com/bid/5443	Trust: 0.8
url:	http://www.securityfocus.com/bid/5449	Trust: 0.8
url:	http://www.securityfocus.com/bid/5668	Trust: 0.8
url:	http://ikecrack.sourceforge.net/	Trust: 0.8
url:	http://www.nta-monitor.com/ike-scan/	Trust: 0.8
url:	http://www.openbsd.org/errata.html#isakmpd	Trust: 0.3
url:	http://www.netscreen.com/support/alerts/9_6_02.htm	Trust: 0.3

CREDITS

Published in a Cisco Security Advisory. CERT/CC credits Anton Rager of Avaya Communications with discovery.

Trust: 0.9

sources: BID: 5441 // BID: 5443 // BID: 5440

SOURCES

db:	CERT/CC	id:	VU#287771
db:	VULHUB	id:	VHN-8145
db:	BID	id:	78313
db:	BID	id:	5589
db:	BID	id:	5668
db:	BID	id:	5449
db:	BID	id:	5441
db:	BID	id:	5443
db:	BID	id:	5440
db:	CNNVD	id:	CNNVD-200312-168
db:	NVD	id:	CVE-2003-1320

LAST UPDATE DATE

2024-08-14T12:23:44.429000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#287771	date:	2004-02-09T00:00:00
db:	VULHUB	id:	VHN-8145	date:	2008-09-05T00:00:00
db:	BID	id:	78313	date:	2003-12-31T00:00:00
db:	BID	id:	5589	date:	2002-07-05T00:00:00
db:	BID	id:	5668	date:	2002-09-07T00:00:00
db:	BID	id:	5449	date:	2002-08-12T00:00:00
db:	BID	id:	5441	date:	2002-08-12T00:00:00
db:	BID	id:	5443	date:	2002-08-12T00:00:00
db:	BID	id:	5440	date:	2002-08-12T00:00:00
db:	CNNVD	id:	CNNVD-200312-168	date:	2007-03-30T00:00:00
db:	NVD	id:	CVE-2003-1320	date:	2008-09-05T20:36:37.667

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#287771	date:	2002-08-12T00:00:00
db:	VULHUB	id:	VHN-8145	date:	2003-12-31T00:00:00
db:	BID	id:	78313	date:	2003-12-31T00:00:00
db:	BID	id:	5589	date:	2002-07-05T00:00:00
db:	BID	id:	5668	date:	2002-09-07T00:00:00
db:	BID	id:	5449	date:	2002-08-12T00:00:00
db:	BID	id:	5441	date:	2002-08-12T00:00:00
db:	BID	id:	5443	date:	2002-08-12T00:00:00
db:	BID	id:	5440	date:	2002-08-12T00:00:00
db:	CNNVD	id:	CNNVD-200312-168	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1320	date:	2003-12-31T05:00:00