Published: 2005-11-18 16:03:00
Last revised: 2017-10-10 21:30:28

[Original] Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in HP HP-UX B.11.00, B.11.11, and B.11.23 running IPSec, HP Jetdirect 635n IPv6/IPsec Print Server, and HP Tru64 UNIX 5.1B-3 and 5.1B-2/PK4, allow remote attackers to cause a denial of service via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the HP advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

[CNNVD] HP-UX IKE Exchange Denial of Service Vulnerability (CNNVD-200511-250)


- CVSS (Base Score)

CVSS score: 7.8 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/h:hp:jetdirect_635n  HP jetdirect j7961a
cpe:/o:hp:hp-ux:11.00  HP-UX 11.00
cpe:/o:hp:hp-ux:11.11  HP-UX 11.11
cpe:/o:hp:tru64:5.1b1:pk4  HP Tru64 5.1b1 pk4
cpe:/o:hp:tru64:5.1b3  HP Tru64 5.1B3

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:5642  HP-UX Running IPSec, Remote Denial of Service (DoS)

- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(PATCH)  SECTRACK  1015227
(PATCH)  SECTRACK  1015229
(PATCH)  SECTRACK  1015727
(PATCH)  CERT-VN  VU#226364
(UNKNOWN)  BID  15471
(UNKNOWN)  BID  15474
(UNKNOWN)  BID  17030

- Vulnerability Information

HP-UX IKE Exchange Denial of Service Vulnerability
High risk  Other
2005-11-18 00:00:00 2009-03-04 00:00:00

- Advisories and Patches

        HPSBUX02076:HP-UX Running IPSec Remote Denial of Service (DoS)

- Vulnerability Information

HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
Failure to Handle Exceptional Conditions 17030
Yes No
2006-03-08 12:00:00 2007-06-27 08:28:00
Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.

- Affected Software Versions

HP Tru64 5.1 B-3
HP Tru64 5.1 B-2 PK4

- Vulnerability Discussion

HP Tru64 is prone to denial-of-service vulnerabilities. These issues are due to security flaws in HP's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.

These issues were discovered with the PROTOS ISAKMP Test Suite and are related to the handling of malformed IKEv1 traffic.

- Exploit

These issues can be reproduced using the PROTOS ISAKMP Test Suite.

- Solution

The vendor has released advisory HPSBTU02100 SSRT050979 to address these issues. Please see the referenced advisory for information on obtaining fixes.

- Related References