Details of VAR-200511-0018

ID

VAR-200511-0018

CVE

CVE-2005-3672

TITLE

Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations

Trust: 0.8

sources: CERT/CC: VU#226364

DESCRIPTION

The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. Stonesoft StoneGate Firewall and VPN Client are prone to multiple unspecified vulnerabilities in its IKEv1 implementation. Potential issues include denial of service attacks, format strings, and buffer overflows. These issues were discovered with the PROTOS ISAKMP Test Suite and are related to handling of malformed IKEv1 traffic. Stonesoft StoneGate Firewall is a firewall. TITLE: Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of Service SECUNIA ADVISORY ID: SA17684 VERIFY ADVISORY: http://secunia.com/advisories/17684/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Symantec Gateway Security 400 Series http://secunia.com/product/6175/ Symantec Gateway Security 300 Series http://secunia.com/product/6176/ Symantec Gateway Security 3.x http://secunia.com/product/6177/ Symantec Gateway Security 2.x http://secunia.com/product/3104/ Symantec Gateway Security 1.x http://secunia.com/product/876/ Symantec Firewall/VPN Appliance 100/200/200R http://secunia.com/product/552/ SOFTWARE: Symantec Enterprise Firewall (SEF) 8.x http://secunia.com/product/3587/ DESCRIPTION: Symantec has acknowledged a vulnerability in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA17553 Successful exploitation causes a DoS of the dynamic VPN services. The vulnerability has been reported in the following products. * Symantec Enterprise Firewall version 8.0 (Windows) * Symantec Enterprise Firewall version 8.0 (Solaris) * Symantec Gateway Security 5000 Series version 3.0 * Symantec Gateway Security 5400 version 2.0.1 * Symantec Gateway Security 5310 version 1.0 * Symantec Gateway Security 5200/5300 version 1.0 * Symantec Gateway Security 5100 * Symantec Gateway Security 400 version 2.0 * Symantec Gateway Security 300 version 2.0 * Symantec Firewall /VPN Appliance 200/200R * Symantec Firewall /VPN Appliance 100 SOLUTION: Apply hotfixes. Symantec Enterprise Firewall version 8.0 (Windows): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html Symantec Enterprise Firewall version 8.0 (Solaris): Apply SEF8.0-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html Symantec Gateway Security 5000 Series version 3.0: Apply SGS3.0-2005114-02. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html Symantec Gateway Security 5400 version 2.0.1: Apply SGS2.0.1-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html Symantec Gateway Security 5310 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html Symantec Gateway Security 5200/5300 version 1.0: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html Symantec Gateway Security 5100: Apply SG7004-20051114-00. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html Symantec Gateway Security 400 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html Symantec Gateway Security 300 version 2.0: Update to build 1103. http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html Symantec Firewall /VPN Appliance 200/200R: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html Symantec Firewall /VPN Appliance 100: Update to build 1.8F. http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.11.21.html OTHER REFERENCES: SA17553: http://secunia.com/advisories/17553/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2005-3672 // CERT/CC: VU#226364 // BID: 15405 // VULHUB: VHN-14880 // PACKETSTORM: 41734

AFFECTED PRODUCTS

vendor:	stonesoft	model:	stonegate firewall	scope:	lte	version:	2.6.0	Trust: 1.0
vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nortel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openswan linux ipsec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	qnx	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	stonesoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	stonesoft	model:	stonegate firewall	scope:	eq	version:	2.6.0	Trust: 0.6
vendor:	stonesoft	model:	stonegate vpn client	scope:	eq	version:	2.6	Trust: 0.3
vendor:	stonesoft	model:	stonegate vpn client	scope:	eq	version:	2.0.9	Trust: 0.3
vendor:	stonesoft	model:	stonegate vpn client	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	stonesoft	model:	stonegate vpn client	scope:	eq	version:	2.0.7	Trust: 0.3
vendor:	stonesoft	model:	stonegate vpn client	scope:	eq	version:	2.0	Trust: 0.3
vendor:	stonesoft	model:	stonegate vpn client	scope:	eq	version:	1.7.2	Trust: 0.3
vendor:	stonesoft	model:	stonegate vpn client	scope:	eq	version:	1.7	Trust: 0.3
vendor:	stonesoft	model:	stonegate high availability firewall and vpn	scope:	eq	version:	2.6	Trust: 0.3
vendor:	stonesoft	model:	stonegate high availability firewall and vpn	scope:	eq	version:	2.0.8	Trust: 0.3
vendor:	stonesoft	model:	stonegate high availability firewall and vpn	scope:	eq	version:	2.0	Trust: 0.3
vendor:	stonesoft	model:	stonegate high availability firewall and vpn	scope:	eq	version:	1.7	Trust: 0.3
vendor:	stonesoft	model:	stonegate vpn client	scope:	ne	version:	2.6.1	Trust: 0.3
vendor:	stonesoft	model:	stonegate high availability firewall and vpn	scope:	ne	version:	2.6.3	Trust: 0.3

sources: CERT/CC: VU#226364 // BID: 15405 // CNNVD: CNNVD-200511-252 // NVD: CVE-2005-3672

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-3672
value:	MEDIUM
Trust: 1.0
CARNEGIE MELLON:	VU#226364
value:	16.54
Trust: 0.8
CNNVD:	CNNVD-200511-252
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-14880
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-3672
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-14880
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-14880 // CNNVD: CNNVD-200511-252 // NVD: CVE-2005-3672

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-3672

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-252

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200511-252

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-14880

EXTERNAL IDS

db:	CERT/CC	id:	VU#226364	Trust: 2.5
db:	NVD	id:	CVE-2005-3672	Trust: 2.0
db:	BID	id:	15405	Trust: 2.0
db:	SECUNIA	id:	17566	Trust: 1.7
db:	VUPEN	id:	ADV-2005-2408	Trust: 1.7
db:	SECUNIA	id:	17684	Trust: 0.9
db:	SECUNIA	id:	17621	Trust: 0.8
db:	SECUNIA	id:	17663	Trust: 0.8
db:	SECUNIA	id:	17838	Trust: 0.8
db:	SECUNIA	id:	17553	Trust: 0.8
db:	SECUNIA	id:	17608	Trust: 0.8
db:	SECUNIA	id:	17668	Trust: 0.8
db:	AUSCERT	id:	ESB-2005.0924	Trust: 0.8
db:	CNNVD	id:	CNNVD-200511-252	Trust: 0.7
db:	VULHUB	id:	VHN-14880	Trust: 0.1
db:	PACKETSTORM	id:	41734	Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-14880 // BID: 15405 // PACKETSTORM: 41734 // CNNVD: CNNVD-200511-252 // NVD: CVE-2005-3672

REFERENCES

url:	http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en	Trust: 2.8
url:	http://jvn.jp/niscc/niscc-273756/index.html	Trust: 2.5
url:	http://www.stonesoft.com/support/security_advisories/7244.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/15405	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/226364	Trust: 1.7
url:	http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/	Trust: 1.7
url:	http://secunia.com/advisories/17566	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2005/2408	Trust: 1.1
url:	http://secunia.com/advisories/17553/	Trust: 0.9
url:	http://secunia.com/advisories/17684/	Trust: 0.9
url:	http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp	Trust: 0.8
url:	http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm	Trust: 0.8
url:	http://www.auscert.org.au/5748	Trust: 0.8
url:	http://secunia.com/advisories/17608/	Trust: 0.8
url:	http://secunia.com/advisories/17621/	Trust: 0.8
url:	http://secunia.com/advisories/17668/	Trust: 0.8
url:	http://secunia.com/advisories/17663/	Trust: 0.8
url:	http://secunia.com/advisories/17838/	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2005/2408	Trust: 0.6
url:	http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8_sol/files.html	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/3104/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_200r/files.html	Trust: 0.1
url:	http://secunia.com/product/6177/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_fw_vpn_appliance/sym_fw_vpn_appliance_100/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_fw_8/files.html	Trust: 0.1
url:	http://secunia.com/product/3587/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5310/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_5110/files.html	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/6175/	Trust: 0.1
url:	http://secunia.com/product/6176/	Trust: 0.1
url:	http://secunia.com/product/552/	Trust: 0.1
url:	http://securityresponse.symantec.com/avcenter/security/content/2005.11.21.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_300s_2/files.html	Trust: 0.1
url:	http://secunia.com/product/876/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_5600_3/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sgs_2_400/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_1_52005300/files.html	Trust: 0.1
url:	http://www.symantec.com/techsupp/enterprise/products/sym_gateway_security/sym_gw_security_201_5400/files.html	Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-14880 // BID: 15405 // PACKETSTORM: 41734 // CNNVD: CNNVD-200511-252 // NVD: CVE-2005-3672

CREDITS

Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.

Trust: 0.9

sources: BID: 15405 // CNNVD: CNNVD-200511-252

SOURCES

db:	CERT/CC	id:	VU#226364
db:	VULHUB	id:	VHN-14880
db:	BID	id:	15405
db:	PACKETSTORM	id:	41734
db:	CNNVD	id:	CNNVD-200511-252
db:	NVD	id:	CVE-2005-3672

LAST UPDATE DATE

2024-11-27T21:02:20.854000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#226364	date:	2006-01-03T00:00:00
db:	VULHUB	id:	VHN-14880	date:	2011-03-08T00:00:00
db:	BID	id:	15405	date:	2005-11-14T00:00:00
db:	CNNVD	id:	CNNVD-200511-252	date:	2005-12-05T00:00:00
db:	NVD	id:	CVE-2005-3672	date:	2024-11-21T00:02:24.360

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#226364	date:	2005-11-17T00:00:00
db:	VULHUB	id:	VHN-14880	date:	2005-11-18T00:00:00
db:	BID	id:	15405	date:	2005-11-14T00:00:00
db:	PACKETSTORM	id:	41734	date:	2005-11-22T18:19:46
db:	CNNVD	id:	CNNVD-200511-252	date:	2005-11-18T00:00:00
db:	NVD	id:	CVE-2005-3672	date:	2005-11-18T21:03:00