Details of VAR-200512-0678

ID

VAR-200512-0678

CVE

CVE-2005-4570

TITLE

Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations

Trust: 0.8

sources: CERT/CC: VU#226364

DESCRIPTION

The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 (IKEv1) implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an unstable/unpredictable manner. TITLE: IPsec-Tools ISAKMP IKE Message Processing Denial of Service SECUNIA ADVISORY ID: SA17668 VERIFY ADVISORY: http://secunia.com/advisories/17668/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: IPsec-Tools 0.x http://secunia.com/product/3352/ DESCRIPTION: A vulnerability has been reported in IPsec-Tools, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereferencing error when processing certain ISAKMP packets in aggressive mode. The vulnerability is related to: SA17553 Successful exploitation requires a weak racoon configuration (e.g. no lifetime proposal or obey mode), and using 3DES/SHA1/DH2. SOLUTION: Update to version 0.6.3. http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605 PROVIDED AND/OR DISCOVERED BY: The vendor credits Adrian Portelli. ORIGINAL ADVISORY: http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000 http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601 OTHER REFERENCES: SA17553: http://secunia.com/advisories/17553/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.8

sources: NVD: CVE-2005-4570 // CERT/CC: VU#226364 // VULHUB: VHN-15778 // PACKETSTORM: 41739

AFFECTED PRODUCTS

vendor:	check point	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	fortinet	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	nortel	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	openswan linux ipsec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	qnx	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	stonesoft	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	sun microsystems	model:	-	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#226364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4570
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#226364
value:	16.54
Trust: 0.8
CNNVD:	CNNVD-200512-619
value:	HIGH
Trust: 0.6
VULHUB:	VHN-15778
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-4570
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-15778
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-15778 // CNNVD: CNNVD-200512-619 // NVD: CVE-2005-4570

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4570

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-619

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200512-619

EXTERNAL IDS

db:	VUPEN	id:	ADV-2006-0182	Trust: 1.7
db:	NVD	id:	CVE-2005-4570	Trust: 1.7
db:	SECUNIA	id:	18446	Trust: 1.7
db:	BID	id:	15997	Trust: 1.7
db:	SECUNIA	id:	17668	Trust: 0.9
db:	SECUNIA	id:	17621	Trust: 0.8
db:	SECUNIA	id:	17663	Trust: 0.8
db:	SECUNIA	id:	17838	Trust: 0.8
db:	SECUNIA	id:	17553	Trust: 0.8
db:	SECUNIA	id:	17608	Trust: 0.8
db:	SECUNIA	id:	17684	Trust: 0.8
db:	AUSCERT	id:	ESB-2005.0924	Trust: 0.8
db:	CERT/CC	id:	VU#226364	Trust: 0.8
db:	CNNVD	id:	CNNVD-200512-619	Trust: 0.7
db:	VULHUB	id:	VHN-15778	Trust: 0.1
db:	PACKETSTORM	id:	41739	Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-15778 // PACKETSTORM: 41739 // CNNVD: CNNVD-200512-619 // NVD: CVE-2005-4570

REFERENCES

url:	http://www.securityfocus.com/bid/15997	Trust: 1.7
url:	http://www.fortinet.com/fortiguardcenter/vu226364.html	Trust: 1.7
url:	http://secunia.com/advisories/18446	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/0182	Trust: 1.1
url:	http://secunia.com/advisories/17553/	Trust: 0.9
url:	http://secunia.com/advisories/17668/	Trust: 0.9
url:	http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp	Trust: 0.8
url:	http://www.ficora.fi/suomi/tietoturva/varoitukset/varoitus-2005-82.htm	Trust: 0.8
url:	http://www.auscert.org.au/5748	Trust: 0.8
url:	http://jvn.jp/niscc/niscc-273756/index.html	Trust: 0.8
url:	http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en	Trust: 0.8
url:	http://secunia.com/advisories/17608/	Trust: 0.8
url:	http://secunia.com/advisories/17621/	Trust: 0.8
url:	http://secunia.com/advisories/17684/	Trust: 0.8
url:	http://secunia.com/advisories/17663/	Trust: 0.8
url:	http://secunia.com/advisories/17838/	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/0182	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/3352/	Trust: 0.1
url:	http://sourceforge.net/project/showfiles.php?group_id=74601&package_id=74949&release_id=372605	Trust: 0.1
url:	http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000	Trust: 0.1
url:	http://sourceforge.net/project/shownotes.php?release_id=372605&group_id=74601	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CERT/CC: VU#226364 // VULHUB: VHN-15778 // PACKETSTORM: 41739 // CNNVD: CNNVD-200512-619 // NVD: CVE-2005-4570

CREDITS

Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.

Trust: 0.6

sources: CNNVD: CNNVD-200512-619

SOURCES

db:	CERT/CC	id:	VU#226364
db:	VULHUB	id:	VHN-15778
db:	PACKETSTORM	id:	41739
db:	CNNVD	id:	CNNVD-200512-619
db:	NVD	id:	CVE-2005-4570

LAST UPDATE DATE

2024-11-23T19:56:25.367000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#226364	date:	2006-01-03T00:00:00
db:	VULHUB	id:	VHN-15778	date:	2011-03-08T00:00:00
db:	CNNVD	id:	CNNVD-200512-619	date:	2005-12-29T00:00:00
db:	NVD	id:	CVE-2005-4570	date:	2024-11-21T00:04:37.997

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#226364	date:	2005-11-17T00:00:00
db:	VULHUB	id:	VHN-15778	date:	2005-12-29T00:00:00
db:	PACKETSTORM	id:	41739	date:	2005-11-22T18:19:46
db:	CNNVD	id:	CNNVD-200512-619	date:	2005-12-29T00:00:00
db:	NVD	id:	CVE-2005-4570	date:	2005-12-29T11:03:00