CVE-2005-3668 - Unspecified vulnerability in Internet Key Exchange 1
Metric | Value |
---|---|
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |

Tags: internet-key-exchange, nessus
Summary
Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-965.NASL
- description: The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, try to dereference a NULL pointer under certain conditions which allows a remote attacker to cause a denial of service.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 22831
- published: 2006-10-14
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/22831
- title: Debian DSA-965-1 : ipsec-tools - null dereference
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-965. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22831);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732");
  script_bugtraq_id(15523);
  script_xref(name:"DSA", value:"965");

  script_name(english:"Debian DSA-965-1 : ipsec-tools - null dereference");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, try to dereference a NULL pointer under certain conditions which allows a remote attacker to cause a denial of service."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340584"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-965"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the racoon package. The old stable distribution (woody) does not contain ipsec-tools. For the stable distribution (sarge) this problem has been fixed in version 0.5.2-1sarge1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ipsec-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/02/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"3.1", prefix:"ipsec-tools", reference:"0.5.2-1sarge1")) flag++;
if (deb_check(release:"3.1", prefix:"racoon", reference:"0.5.2-1sarge1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_118372.NASL
- description: SunOS 5.10_x86: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
- last seen: 2018-09-01
- modified: 2018-08-13
- plugin id: 20333
- published: 2005-12-20
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=20333
- title: Solaris 10 (x86) : 118372-10
- code:

```nasl
#%NASL_MIN_LEVEL 80502
# @DEPRECATED@
#
# This script has been deprecated as the associated patch is not
# currently a recommended security fix.
#
# Disabled on 2011/09/17.
#
# (C) Tenable Network Security, Inc.
#
#

if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");

if(description)
{
  script_id(20333);
  script_version("1.31");

  script_name(english: "Solaris 10 (x86) : 118372-10");
  script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3674", "CVE-2006-2298", "CVE-2006-4339", "CVE-2006-5201", "CVE-2006-7140");
  script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 118372-10");
  script_set_attribute(attribute: "description", value: 'SunOS 5.10_x86: elfsign patch. Date this patch was last updated by Sun : Apr/16/07');
  script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date.");
  script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/118372-10");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(310);
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20");
  script_cvs_date("Date: 2019/10/25 13:36:22");
  script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/08");
  script_end_attributes();

  script_summary(english: "Check for patch 118372-10");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  family["english"] = "Solaris Local Security Checks";
  script_family(english:family["english"]);

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/Solaris/showrev");
  exit(0);
}

# Deprecated.
exit(0, "The associated patch is not currently a recommended security fix.");
```
- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2006-0267.NASL
- description: Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21894
- published: 2006-07-03
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21894
- title: CentOS 3 / 4 : ipsec-tools (CESA-2006:0267)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0267 and
# CentOS Errata and Security Advisory 2006:0267 respectively.
#

include("compat.inc");

if (description)
{
  script_id(21894);
  script_version("1.20");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732");
  script_xref(name:"RHSA", value:"2006:0267");

  script_name(english:"CentOS 3 / 4 : ipsec-tools (CESA-2006:0267)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim's machine has racoon configured in a non-recommended insecure manner, it is possible for a remote attacker to crash the racoon daemon. (CVE-2005-3732) Users of ipsec-tools should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-April/012840.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?866c8e4d"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-April/012841.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6054d165"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-April/012844.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ae2c7536"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-April/012847.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7ed32df9"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-April/012850.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ea5e2fe6"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-April/012851.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?223567ca"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ipsec-tools package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipsec-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/04/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", reference:"ipsec-tools-0.2.5-0.7.rhel3.3")) flag++;
if (rpm_check(release:"CentOS-4", reference:"ipsec-tools-0.3.3-6.rhel4.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools");
}
```
- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2006-0267.NASL
- description: Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21286
- published: 2006-04-26
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21286
- title: RHEL 3 / 4 : ipsec-tools (RHSA-2006:0267)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0267. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(21286);
  script_version ("1.25");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732");
  script_xref(name:"RHSA", value:"2006:0267");

  script_name(english:"RHEL 3 / 4 : ipsec-tools (RHSA-2006:0267)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim's machine has racoon configured in a non-recommended insecure manner, it is possible for a remote attacker to crash the racoon daemon. (CVE-2005-3732) Users of ipsec-tools should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-3732"
  );
  # http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a4692bd8"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2006:0267"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ipsec-tools package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipsec-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/04/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2006:0267";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL3", reference:"ipsec-tools-0.2.5-0.7.rhel3.3")) flag++;
  if (rpm_check(release:"RHEL4", reference:"ipsec-tools-0.3.3-6.rhel4.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_HOLE,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools");
  }
}
```
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_X86_114435.NASL
- description: SunOS 5.9_x86: IKE patch. Date this patch was last updated by Sun : Aug/09/10
- last seen: 2016-09-26
- modified: 2012-06-14
- plugin id: 13602
- published: 2004-07-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=13602
- title: Solaris 9 (x86) : 114435-16

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_113451.NASL
- description: SunOS 5.9: IKE patch. Date this patch was last updated by Sun : Aug/09/10
- last seen: 2016-09-26
- modified: 2012-06-14
- plugin id: 13538
- published: 2004-07-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=13538
- title: Solaris 9 (sparc) : 113451-17

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_118371.NASL
- description: SunOS 5.10: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
- last seen: 2018-09-02
- modified: 2018-08-13
- plugin id: 20332
- published: 2005-12-20
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=20332
- title: Solaris 10 (sparc) : 118371-10

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2006-020.NASL
- description: The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The updated packages have been patched to correct this problem.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 20809
- published: 2006-01-26
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/20809
- title: Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2006:020)
References
- http://jvn.jp/niscc/NISCC-273756/index.html
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
- http://www.kb.cert.org/vuls/id/226364
- http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en