发布时间 :2005-05-27 00:00:00
修订时间 :2008-09-05 16:50:08

[原文]Nortel VPN Router (aka Contivity) allows remote attackers to cause a denial of service (crash) via an IPsec IKE packet with a malformed ISAKMP header.

[CNNVD]Nortel VPN路由器畸形报文拒绝服务漏洞(CNNVD-200505-1218)

        Nortel VPN路由器为IP网络和因特网上的安全连接提供路由、VPN、防火墙、带宽管理、加密、认证和数据完整性功能。
        Nortel VPN路由器产品(之前被称为Nortel Contivity)在对用户执行VPN安全测试时存在拒绝服务漏洞。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/h:nortel:vpn_router_1740Nortel VPN Router 1740
cpe:/h:nortel:vpn_router_1010Nortel VPN Router 1010
cpe:/h:nortel:vpn_router_2700Nortel VPN Router 2700
cpe:/h:nortel:vpn_router_600Nortel VPN Router 600
cpe:/h:nortel:vpn_router_1050Nortel VPN Router 1050
cpe:/h:nortel:vpn_router_1700Nortel VPN Router 1700
cpe:/h:nortel:vpn_router_1100Nortel VPN Router 1100
cpe:/h:nortel:vpn_router_5000Nortel VPN Router 5000

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20050531 Nortel VPN Router Malformed Packet DoS Vulnerability

- 漏洞信息

Nortel VPN路由器畸形报文拒绝服务漏洞
中危 其他
2005-05-27 00:00:00 2005-10-20 00:00:00
        Nortel VPN路由器为IP网络和因特网上的安全连接提供路由、VPN、防火墙、带宽管理、加密、认证和数据完整性功能。
        Nortel VPN路由器产品(之前被称为Nortel Contivity)在对用户执行VPN安全测试时存在拒绝服务漏洞。

- 公告与补丁


- 漏洞信息

Nortel VPN Router Malformed IKE Packet DoS
Remote / Network Access Denial of Service
Loss of Availability

- 漏洞描述

Nortel VPN Router contains a flaw that may allow a remote denial of service. The issue is triggered by sending a single IPsec IKE packet with a malformed ISAKMP header. On receipt of this malformed packet, the VPN router will crash immediately. It was also noted that the router does not log the malformed packet, even at maximum level logging. This will result in loss of availability for the VPN Router.

- 时间线

2005-05-27 2005-03-03
Unknow Unknow

- 解决方案

Upgrade to version V5.05_200 or higher, or install the patched versions of 4.76, 4.85, 4.90, 5.00 when available from the vendor, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Nortel Networks Multiple Products Remote Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 13792
Yes No
2005-05-27 12:00:00 2009-07-12 02:56:00
NTA Monitor is credited with the discovery of this vulnerability.

- 受影响的程序版本

Nortel Networks VPN Router 600 0
Nortel Networks VPN Router 5000
Nortel Networks VPN Router 2700
Nortel Networks VPN Router 1740
Nortel Networks VPN Router 1700
Nortel Networks VPN Router 1100
Nortel Networks VPN Router 1050
Nortel Networks VPN Router 1010
Nortel Networks Contivity 4600 Secure IP Services Gateway
Nortel Networks Contivity 4500 Secure IP Services Gateway
Nortel Networks Contivity 4000 VPN Switch
Nortel Networks Contivity 2600 Secure IP Services Gateway
Nortel Networks Contivity 2500 VPN Switch
Nortel Networks Contivity 2000 VPN Switch
Nortel Networks Contivity 1600 Secure IP Services Gateway
Nortel Networks Contivity 1500 VPN Switch
Nortel Networks Contivity 1000 VPN Switch

- 漏洞讨论

Multiple Nortel Networks products are prone to a remote denial of service vulnerability.

The issue manifests when the affected appliance processes an IKE main packet (ISAKMP) header of a certain type.

When the packet is processed, the vulnerability is triggered and the device crashes, effectively denying service for legitimate users.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 解决方案

It is reported that this issue is addressed by version 05-05.200 of the firmware. This is not confirmed.

Nortel has released an advisory to address this issue. Please see the advisory in Web references for more information.

- 相关参考