CVE-2005-3732
CVSS 7.8
Published: 2005-11-21 17:03:00
Revised: 2013-08-16 01:08:52

[Original] The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.


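[CNNVD] IPSec-Tools IKE Message Handling Denial of Service Vulnerability (CNNVD-200511-313)

        IPsec-Tools is a port of KAME's IPsec utilities to the Linux platform.
        The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.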

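- CVSS (base score)

CVSS score: 7.8 [HIGH]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: COMPLETE [may cause a total shutdown of the system]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-399 [Resource Management Errors]

- CPE (affected platforms and products)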

cpe:/a:ipsec-tools:ipsec-tools:0.6
cpe:/a:ipsec-tools:ipsec-tools:0.6.1
cpe:/a:ipsec-tools:ipsec-tools:0.6.2
cpe:/a:ipsec-tools:ipsec-tools:0.5.1
cpe:/a:ipsec-tools:ipsec-tools:0.5
cpe:/a:ipsec-tools:ipsec-tools:0.5.2

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9857 - The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detection can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3732
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3732
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-313
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/15523
(PATCH)  BID  15523
http://secunia.com/advisories/17668
(VENDOR_ADVISORY)  SECUNIA  17668
http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/ipsec-tools/src/racoon/isakmp_agg.c?r1=1.20.2.3&r2=1.20.2.4&diff_format=u
(PATCH)  MISC  http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/ipsec-tools/src/racoon/isakmp_agg.c?r1=1.20.2.3&r2=1.20.2.4&diff_format=u
http://www.vupen.com/english/advisories/2005/2521
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2521
http://www.ubuntulinux.org/support/documentation/usn/usn-221-1
(UNKNOWN)  UBUNTU  USN-221-1
http://www.securityfocus.com/archive/1/archive/1/436343/100/0/threaded
(UNKNOWN)  FEDORA  FLSA-2006:190941
http://www.novell.com/linux/security/advisories/2005_70_ipsec.html
(UNKNOWN)  SUSE  SUSE-SA:2005:070
http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
(UNKNOWN)  MISC  http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
http://www.mandriva.com/security/advisories?name=MDKSA-2006:020
(UNKNOWN)  MANDRIVA  MDKSA-2006:020
http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml
(UNKNOWN)  GENTOO  GLSA-200512-04
http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
(UNKNOWN)  MISC  http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
http://www.debian.org/security/2006/dsa-965
(UNKNOWN)  DEBIAN  DSA-965
http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
(UNKNOWN)  MLIST  [ipsec-tools-devel] 20051120 Potential DoS fixed in ipsec-tools
http://securitytracker.com/id?1015254
(UNKNOWN)  SECTRACK  1015254
http://secunia.com/advisories/20210
(VENDOR_ADVISORY)  SECUNIA  20210
http://secunia.com/advisories/19833
(VENDOR_ADVISORY)  SECUNIA  19833
http://secunia.com/advisories/18742
(VENDOR_ADVISORY)  SECUNIA  18742
http://secunia.com/advisories/18616
(UNKNOWN)  SECUNIA  18616
http://secunia.com/advisories/18115
(VENDOR_ADVISORY)  SECUNIA  18115
http://secunia.com/advisories/17980
(VENDOR_ADVISORY)  SECUNIA  17980
http://secunia.com/advisories/17822
(VENDOR_ADVISORY)  SECUNIA  17822
http://rhn.redhat.com/errata/RHSA-2006-0267.html
(UNKNOWN)  REDHAT  RHSA-2006:0267
http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html
(UNKNOWN)  BUGTRAQ  20051214 Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

- Vulnerability information

IPSec-Tools IKE Message Handling Denial of Service Vulnerability
High  Other
2005-11-21 00:00:00 2005-11-28 00:00:00
Remote

- Advisories and patches

        No data available

- Vulnerability information (F42029)

Ubuntu Security Notice 221-1 (PacketStormID:F42029)
2005-12-02 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service
linux,ubuntu
CVE-2005-3732

Ubuntu Security Notice USN-221-1 - The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon daemon.

===========================================================
Ubuntu Security Notice USN-221-1	  December 01, 2005
ipsec-tools vulnerability
CVE-2005-3732
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

racoon

The problem can be corrected by upgrading the affected package to
version 0.3.3-1ubuntu0.2 (for Ubuntu 4.10), 1:0.5-5ubuntu0.1 (for
Ubuntu 5.04), or 1:0.6-1ubuntu1.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

The Oulu University Secure Programming Group discovered a remote
Denial of Service vulnerability in the racoon daemon. When the daemon
is configured to use aggressive mode, then it did not check whether
the peer sent all required payloads during the IKE negotiation phase.
A malicious IPsec peer could exploit this to crash the racoon daemon.

Please be aware that racoon is not officially supported by Ubuntu, the
package is in the 'universe' component of the archive.


- Vulnerability information

IPSec-Tools IKE Message Handling Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 15523
Yes No
2005-11-22 12:00:00 2006-11-24 08:35:00
Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group.

- Affected software versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SGI ProPack 3.0 SP6
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
IPsec-Tools IPsec-Tools 0.6.2
IPsec-Tools IPsec-Tools 0.6.1
IPsec-Tools IPsec-Tools 0.6
IPsec-Tools IPsec-Tools 0.5.2
IPsec-Tools IPsec-Tools 0.5.1
IPsec-Tools IPsec-Tools 0.5
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
IPsec-Tools IPsec-Tools 0.6.3

- Unaffected software versions

IPsec-Tools IPsec-Tools 0.6.3

- Vulnerability discussion

IPsec-Tools is prone to a denial-of-service vulnerability. This issue is due to a failure in the application to handle exceptional conditions when in 'AGGRESSIVE' mode.

An attacker can exploit this issue to crash the application, thus denying service to legitimate users.

These vulnerabilities were discovered by, and may be reproduced by, the University of Oulu Secure Programming Group PROTOS IPSec Test Suite.

- Exploit

This issue can be reproduced with the PROTOS IPSec Test Suite.

- Solution

Please see the referenced advisories for more information.

NOTE: The vendor has addressed this issue in IPsec-Tools version 0.6.3.


IPsec-Tools IPsec-Tools 0.5

IPsec-Tools IPsec-Tools 0.5.1

IPsec-Tools IPsec-Tools 0.5.2

IPsec-Tools IPsec-Tools 0.6

IPsec-Tools IPsec-Tools 0.6.1

IPsec-Tools IPsec-Tools 0.6.2
