Vulnerabilities > CVE-2005-3667 - Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
internet-key-exchange
nessus

Summary

Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. In addition, since "denial of service" is an impact and not a vulnerability, it is unknown which underlying vulnerabilities are actually covered by this particular candidate.

Vulnerable Configurations

Part Description Count
Application
Internet_Key_Exchange
1

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-965.NASL
    descriptionThe Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, try to dereference a NULL pointer under certain conditions which allows a remote attacker to cause a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id22831
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22831
    titleDebian DSA-965-1 : ipsec-tools - null dereference
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-965. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22831);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732");
      script_bugtraq_id(15523);
      script_xref(name:"DSA", value:"965");
    
      script_name(english:"Debian DSA-965-1 : ipsec-tools - null dereference");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Internet Key Exchange version 1 (IKEv1) implementation in racoon
    from ipsec-tools, IPsec tools for Linux, try to dereference a NULL
    pointer under certain conditions which allows a remote attacker to
    cause a denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340584"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-965"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the racoon package.
    
    The old stable distribution (woody) does not contain ipsec-tools.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 0.5.2-1sarge1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ipsec-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"ipsec-tools", reference:"0.5.2-1sarge1")) flag++;
    if (deb_check(release:"3.1", prefix:"racoon", reference:"0.5.2-1sarge1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_118372.NASL
    descriptionSunOS 5.10_x86: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
    last seen2018-09-01
    modified2018-08-13
    plugin id20333
    published2005-12-20
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20333
    titleSolaris 10 (x86) : 118372-10
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/09/17.
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    if(description)
    {
     script_id(20333);
     script_version("1.31");
    
     script_name(english: "Solaris 10 (x86) : 118372-10");
     script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3674", "CVE-2006-2298", "CVE-2006-4339", "CVE-2006-5201", "CVE-2006-7140");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 118372-10");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10_x86: elfsign patch.
    Date this patch was last updated by Sun : Apr/16/07');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "https://getupdates.oracle.com/readme/118372-10");
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_cwe_id(310);
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20");
     script_cvs_date("Date: 2019/10/25 13:36:22");
     script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/08");
     script_end_attributes();
    
     script_summary(english: "Check for patch 118372-10");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    
    
    # Deprecated.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2006-0267.NASL
    descriptionUpdated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21894
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21894
    titleCentOS 3 / 4 : ipsec-tools (CESA-2006:0267)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0267 and 
    # CentOS Errata and Security Advisory 2006:0267 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21894);
      script_version("1.20");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732");
      script_xref(name:"RHSA", value:"2006:0267");
    
      script_name(english:"CentOS 3 / 4 : ipsec-tools (CESA-2006:0267)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ipsec-tools packages that fix a bug in racoon are now
    available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The ipsec-tools package is used in conjunction with the IPsec
    functionality in the linux kernel and includes racoon, an IKEv1 keying
    daemon.
    
    A denial of service flaw was found in the ipsec-tools racoon daemon.
    If a victim's machine has racoon configured in a non-recommended
    insecure manner, it is possible for a remote attacker to crash the
    racoon daemon. (CVE-2005-3732)
    
    Users of ipsec-tools should upgrade to these updated packages, which
    contain backported patches, and are not vulnerable to these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-April/012840.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?866c8e4d"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-April/012841.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6054d165"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-April/012844.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ae2c7536"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-April/012847.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ed32df9"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-April/012850.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ea5e2fe6"
      );
      # https://lists.centos.org/pipermail/centos-announce/2006-April/012851.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?223567ca"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ipsec-tools package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipsec-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/04/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"ipsec-tools-0.2.5-0.7.rhel3.3")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"ipsec-tools-0.3.3-6.rhel4.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2006-0267.NASL
    descriptionUpdated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id21286
    published2006-04-26
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21286
    titleRHEL 3 / 4 : ipsec-tools (RHSA-2006:0267)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2006:0267. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(21286);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732");
      script_xref(name:"RHSA", value:"2006:0267");
    
      script_name(english:"RHEL 3 / 4 : ipsec-tools (RHSA-2006:0267)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ipsec-tools packages that fix a bug in racoon are now
    available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The ipsec-tools package is used in conjunction with the IPsec
    functionality in the linux kernel and includes racoon, an IKEv1 keying
    daemon.
    
    A denial of service flaw was found in the ipsec-tools racoon daemon.
    If a victim's machine has racoon configured in a non-recommended
    insecure manner, it is possible for a remote attacker to crash the
    racoon daemon. (CVE-2005-3732)
    
    Users of ipsec-tools should upgrade to these updated packages, which
    contain backported patches, and are not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3732"
      );
      # http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a4692bd8"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2006:0267"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ipsec-tools package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipsec-tools");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/04/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2006:0267";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"ipsec-tools-0.2.5-0.7.rhel3.3")) flag++;
    
      if (rpm_check(release:"RHEL4", reference:"ipsec-tools-0.3.3-6.rhel4.1")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools");
      }
    }
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_X86_114435.NASL
    descriptionSunOS 5.9_x86: IKE patch. Date this patch was last updated by Sun : Aug/09/10
    last seen2016-09-26
    modified2012-06-14
    plugin id13602
    published2004-07-12
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=13602
    titleSolaris 9 (x86) : 114435-16
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_113451.NASL
    descriptionSunOS 5.9: IKE patch. Date this patch was last updated by Sun : Aug/09/10
    last seen2016-09-26
    modified2012-06-14
    plugin id13538
    published2004-07-12
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=13538
    titleSolaris 9 (sparc) : 113451-17
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_118371.NASL
    descriptionSunOS 5.10: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
    last seen2018-09-02
    modified2018-08-13
    plugin id20332
    published2005-12-20
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20332
    titleSolaris 10 (sparc) : 118371-10
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-020.NASL
    descriptionThe Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The updated packages have been patched to correct this problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id20809
    published2006-01-26
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20809
    titleMandrake Linux Security Advisory : ipsec-tools (MDKSA-2006:020)