CVE-2004-0369
CVSS7.5
发布时间 :2004-12-31 00:00:00
修订时间 :2008-09-05 16:38:15
NMCOPS    

[原文]Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.


[CNNVD]Entrust LibKMP ISAKMP库远程IPSec/ISAKMP缓冲区溢出漏洞(CNNVD-200412-576)

        
        Entrust LibKmp ISAKMP库用于多个VPN厂商,用于基于IPSEC的VPN产品进行IKE密钥的交换。libKmp处理所有进入的ISAKMP包,这库也用于验证和检查进入请求的处理。
        Entrust LibKmp ISAKMP库在实现IKE密钥交换协议时没有正确验证进入的ISAKMP包,远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击,可能以进程权限在系统上执行任意指令。
        Entrust's LibKmp库是由供应商提供给第三方用于处理进行IKE密钥的交换的库。这库用于多个企业防火墙VPN产品中。Entrust's LibKmp库在处理ISAKMP负载和大小进行了充分的检查。但是嵌入到主SA负载中的proposal负载却没有正确的过滤。处理这些负载的代码存在一个缺陷可导致内存破坏,堆溢出。
        攻击者利用此漏洞发送恶意ISAKMP包,可导致VPN组件崩溃,精心构建提交数据可能以进程权限在系统上执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:symantec:enterprise_firewall:7.0::solaris
cpe:/h:symantec:gateway_security_5400:2.0
cpe:/a:symantec:enterprise_firewall:8.0::solaris
cpe:/a:symantec:enterprise_firewall:7.0.4::solaris
cpe:/h:symantec:gateway_security_5300:1.0
cpe:/a:symantec:velociraptor:1.5
cpe:/a:entrust:entrust_libkmp_isakmp_library
cpe:/a:symantec:enterprise_firewall:7.0.4::windows_2000_nt
cpe:/a:symantec:enterprise_firewall:8.0::windows_2000_nt

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0369
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0369
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-576
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/15669
(PATCH)  XF  isakmp-spi-size-bo(15669)
http://xforce.iss.net/xforce/alerts/id/181
(VENDOR_ADVISORY)  ISS  20040826 Entrust LibKmp Library Buffer Overflow
http://www.securityfocus.com/bid/11039
(UNKNOWN)  BID  11039
http://www.ciac.org/ciac/bulletins/o-206.shtml
(VENDOR_ADVISORY)  CIAC  O-206
http://www.auscert.org.au/render.html?it=4339
(VENDOR_ADVISORY)  AUSCERT  ESB-2004.0538
http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html
(VENDOR_ADVISORY)  CONFIRM  http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html

- 漏洞信息

Entrust LibKMP ISAKMP库远程IPSec/ISAKMP缓冲区溢出漏洞
高危 边界条件错误
2004-12-31 00:00:00 2005-10-20 00:00:00
远程  
        
        Entrust LibKmp ISAKMP库用于多个VPN厂商,用于基于IPSEC的VPN产品进行IKE密钥的交换。libKmp处理所有进入的ISAKMP包,这库也用于验证和检查进入请求的处理。
        Entrust LibKmp ISAKMP库在实现IKE密钥交换协议时没有正确验证进入的ISAKMP包,远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击,可能以进程权限在系统上执行任意指令。
        Entrust's LibKmp库是由供应商提供给第三方用于处理进行IKE密钥的交换的库。这库用于多个企业防火墙VPN产品中。Entrust's LibKmp库在处理ISAKMP负载和大小进行了充分的检查。但是嵌入到主SA负载中的proposal负载却没有正确的过滤。处理这些负载的代码存在一个缺陷可导致内存破坏,堆溢出。
        攻击者利用此漏洞发送恶意ISAKMP包,可导致VPN组件崩溃,精心构建提交数据可能以进程权限在系统上执行任意指令。
        

- 公告与补丁

        厂商补丁:
        Entrust
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://www.entrust.com

        Symantec VelociRaptor 1.5:
        ftp://ftp.symantec.com/public/updates/entrust-vr15-3des.tgz
        Symantec Gateway Security 1.0:
        ftp://ftp.symantec.com/public/updates/entrust-sgs10-3des.tgz
        Symantec Gateway Security 2.0:
        ftp://ftp.symantec.com/public/updates/entrust-sgs20.tgz
        Symantec Enterprise Firewall/VPN 7.0 for Solaris:
        ftp://ftp.symantec.com/public/updates/entrust-704s-3des.tar.Z
        (Domestic)
        ftp://ftp.symantec.com/public/updates/entrust-704s-des.tar.Z
        (International)
        Symantec Enterprise Firewall/VPN 7.0 for Windows NT/2000:
        ftp://ftp.symantec.com/public/updates/entrust-704w-3des.exe
        (Domestic)
        ftp://ftp.symantec.com/public/updates/entrust-704w-des.exe
        (International)
        Symantec Enterprise Firewall/VPN 7.0.4 for Solaris:
        ftp://ftp.symantec.com/public/updates/entrust-704s-3des.tar.Z
        (Domestic)
        ftp://ftp.symantec.com/public/updates/entrust-704s-des.tar.Z
        (International)
        Symantec Enterprise Firewall/VPN 7.0.4 for Windows NT/2000:
        ftp://ftp.symantec.com/public/updates/entrust-704w-3des.exe
        (Domestic)
        ftp://ftp.symantec.com/public/updates/entrust-704w-des.exe
        (International)

- 漏洞信息 (F34156)

entrust-sgs20-readme.txt (PacketStormID:F34156)
2004-08-26 00:00:00
 
advisory,denial of service
CVE-2004-0369
[点击下载]

The Model 5400 Series Symantec Gateway Security 2.0 has released hotfixes that address the denial of service attack issue reported against isakmpd.

Product: Symantec Gateway Security 2.0 - Model 5400 Series	

Copyright     

- 漏洞信息 (F34155)

entrust-sgs10-readme.txt (PacketStormID:F34155)
2004-08-26 00:00:00
 
advisory,denial of service
CVE-2004-0369
[点击下载]

Symantec Gateway Security 1.0 has released hotfixes that address the denial of service attack issue reported against isakmpd.

Product:  Symantec Gateway Security 1.0

Copyright     

- 漏洞信息 (F34154)

entrust-vr15-readme.txt (PacketStormID:F34154)
2004-08-26 00:00:00
 
advisory,denial of service
CVE-2004-0369
[点击下载]

Symantec VelociRaptor 1.5 has released hotfixes that address the denial of service attack reported against isakmpd.

Product:  Symantec VelociRaptor 1.5

Copyright     

- 漏洞信息

9165
Symantec Gateway Security ISAKMPd Handling DoS
Remote / Network Access Denial of Service
Loss of Availability

- 漏洞描述

Symantec Gateway Security contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted ISAKMP packet causes a boundary error in the Entrust LibKmp library used for ISAKMP packet processing, and results in loss of availability for the VPN service.

- 时间线

2004-08-25 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Entrust LibKMP ISAKMP Library Remote IPsec/ISAKMP Buffer Overflow Vulnerability
Boundary Condition Error 11039
Yes No
2004-08-25 12:00:00 2009-07-12 06:17:00
Discovery of this vulnerability is credited Mark Dowd and Neel Mehta of the ISS X-Force research team.

- 受影响的程序版本

Symantec VelociRaptor 1.5
Symantec Gateway Security 5440
Symantec Gateway Security 5300
Symantec Gateway Security 5200 1.0
Symantec Gateway Security 5110 1.0
Symantec Gateway Security 360R
Symantec Enterprise Firewall 7.0.4 Solaris
Symantec Enterprise Firewall 7.0.4 NT/2000
Symantec Enterprise Firewall 7.0 Solaris
- Sun Solaris 7.0
- Sun Solaris 2.6
Symantec Enterprise Firewall 7.0 NT/2000
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
Entrust LibKMP ISAKMP Library
+ Symantec Enterprise Firewall 8.0 Solaris
+ Symantec Enterprise Firewall 8.0 NT/2000
+ Symantec Enterprise Firewall 7.0.4 Solaris
+ Symantec Enterprise Firewall 7.0.4 NT/2000
+ Symantec Enterprise Firewall 7.0 Solaris
+ Symantec Enterprise Firewall 7.0 NT/2000
+ Symantec Gateway Security 5300 1.0
+ Symantec Gateway Security 5400 2.0
+ Symantec VelociRaptor 1.5

- 漏洞讨论

The Entrust LibKMP ISAKMP library is reported to be affected by a remote buffer overflow vulnerability. Malicious ISAKMP packets may trigger a buffer overrun in the affected library resulting in the corruption of process memory.

It is reported that a remote attacker may exploit this condition to deny service to the Entrust library or to execute arbitrary code in the context of an implementation that uses the library.

Although unconfirmed, it is conjectured that this vulnerability may be related to the vulnerability described in BID 10273, as Checkpoint VPN-1 may use the affected library.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Symantec has released an advisory (SYM04-012) and hotfixes dealing with this issue. Customers are advised to refer to the referenced advisory for further information pertaining to obtaining and applying appropriate hotfixes.

Entrust has released an advisory (E04-002) dealing with this issue. Customers are advised to refer to the referenced advisory for further information pertaining to obtaining and applying appropriate fixes. It should be noted that a customer login is required to access the Entrust advisory.


Symantec Gateway Security 5300

Symantec Gateway Security 5200 1.0

Symantec Gateway Security 5110 1.0

Symantec VelociRaptor 1.5

Symantec Enterprise Firewall 7.0 NT/2000

Symantec Enterprise Firewall 7.0 Solaris

Symantec Enterprise Firewall 7.0.4 Solaris

Symantec Enterprise Firewall 7.0.4 NT/2000

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站