CVE-2005-3671
CVSS7.8
Published: 2005-11-18 16:03:00
Revised: 2008-09-05 16:54:59
NMCS    

[Original] The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.


[CNNVD] Openswan IKE Denial of Service Vulnerability (CNNVD-200511-231)

        Openswan is the best-known IPsec implementation for Linux; it is full-featured and provides strong guarantees for the confidentiality and integrity of data in transit.
        The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and in freeswan before 2.04_1.5.4-1.23 on SUSE LINUX 9.1, allows remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

- CVSS (base score)

CVSS score: 7.8 [HIGH]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

cpe:/a:openswan:openswan:2.1.4
cpe:/a:openswan:openswan:2.1.2
cpe:/a:openswan:openswan:2.1.6
cpe:/a:frees_wan:frees_wan:2.04
cpe:/a:openswan:openswan:2.4
cpe:/a:openswan:openswan:2.2
cpe:/a:openswan:openswan:2.1.5
cpe:/a:openswan:openswan:2.1.1
cpe:/a:openswan:openswan:2.3

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3671
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3671
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-231
(official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/226364
(VENDOR_ADVISORY)  CERT-VN  VU#226364
http://www.securityfocus.com/bid/15416
(PATCH)  BID  15416
http://www.openswan.org/niscc2/
(VENDOR_ADVISORY)  CONFIRM  http://www.openswan.org/niscc2/
http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html
(UNKNOWN)  FEDORA  FEDORA-2005-1093
http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html
(UNKNOWN)  FEDORA  FEDORA-2005-1092
http://www.novell.com/linux/security/advisories/2005_70_ipsec.html
(UNKNOWN)  SUSE  SUSE-SA:2005:070
http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
(VENDOR_ADVISORY)  MISC  http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml
(UNKNOWN)  GENTOO  GLSA-200512-04
http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
(UNKNOWN)  MISC  http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
http://securitytracker.com/id?1015214
(UNKNOWN)  SECTRACK  1015214
http://secunia.com/advisories/18115
(UNKNOWN)  SECUNIA  18115
http://secunia.com/advisories/17980
(UNKNOWN)  SECUNIA  17980
http://secunia.com/advisories/17680
(UNKNOWN)  SECUNIA  17680
http://secunia.com/advisories/17581
(UNKNOWN)  SECUNIA  17581
http://jvn.jp/niscc/NISCC-273756/index.html
(UNKNOWN)  MISC  http://jvn.jp/niscc/NISCC-273756/index.html
http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html
(UNKNOWN)  BUGTRAQ  20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation
http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html
(UNKNOWN)  BUGTRAQ  20051213 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation

- Vulnerability information

Openswan IKE Denial of Service Vulnerability
High  Other
2005-11-18 00:00:00 2006-06-12 00:00:00
Remote
        Openswan is the best-known IPsec implementation for Linux; it is full-featured and provides strong guarantees for the confidentiality and integrity of data in transit.
        The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and in freeswan before 2.04_1.5.4-1.23 on SUSE LINUX 9.1, allows remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

- Advisories and patches

        No data available

- Vulnerability information

Openswan IKE Traffic Denial Of Service Vulnerabilities
Failure to Handle Exceptional Conditions 15416
Yes No
2005-11-14 12:00:00 2006-05-10 02:59:00
Discovery is credited to the vendor.

- Affected program versions

S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
Red Hat Fedora Core4
Red Hat Fedora Core3
Openswan Openswan 2.4
Openswan Openswan 2.3.1
Openswan Openswan 2.3
Openswan Openswan 2.2
Openswan Openswan 2.1.6
Openswan Openswan 2.1.5
+ Red Hat Fedora Core3
Openswan Openswan 2.1.4
Openswan Openswan 2.1.2
Openswan Openswan 2.1.1
Gentoo Linux
Astaro Security Linux 4.0 28
Openswan Openswan 2.4.4
Openswan Openswan 2.4.2
Astaro Security Linux 4.0 29

- Unaffected program versions

Openswan Openswan 2.4.4
Openswan Openswan 2.4.2
Astaro Security Linux 4.0 29

- Vulnerability discussion

Openswan is prone to multiple denial-of-service vulnerabilities in their ISAKMP implementation. Only attackers with access to the pre-shared key may exploit these issues, and only when the affected IKE daemon is configured to use aggressive mode.

These issues were discovered with the PROTOS ISAKMP Test Suite and are related to the handling of malformed IKEv1 traffic.

The vulnerabilities are believed to affect Openswan 2.x releases prior to 2.4.2.

- Exploitation

These issues can be reproduced using the PROTOS ISAKMP Test Suite.

- Solution

The vendor has released Openswan 2.4.2 to address the issues.

Please see the referenced advisories for further information.

Openswan Openswan 2.1.1
Openswan Openswan 2.1.2
Openswan Openswan 2.1.4
Openswan Openswan 2.1.5
Openswan Openswan 2.1.6
Openswan Openswan 2.2
Openswan Openswan 2.3
Openswan Openswan 2.3.1
Openswan Openswan 2.4

- Related references
