CVE-2005-3671 - Denial Of Service vulnerability in Openswan IKE Traffic
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE
Summary
The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 7 |
Application | | 1 |
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2005-1093.NASL
Description: NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. The Openswan project has released version 2.4.4 to fix both issues. See http://www.openswan.org/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 20243
Published: 2005-11-22
Reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/20243
Title: Fedora Core 4 : openswan-2.4.4-1.0.FC4.1 (2005-1093)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_10753.NASL
Description: This update fixes the following security problem: specially crafted packets could crash pluto, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. (CVE-2005-3671)
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 41085
Published: 2009-09-24
Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/41085
Title: SuSE9 Security Update : freeswan (YOU Patch Number 10753)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200512-04.NASL
Description: The remote host is affected by the vulnerability described in GLSA-200512-04 (Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation). The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid or abnormal contents. Impact: A remote attacker could craft specific packets that would result in a Denial of Service attack, if Openswan and racoon are used in specific, weak configurations. Workaround: There is no known workaround at this time.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 20313
Published: 2005-12-15
Reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/20313
Title: GLSA-200512-04 : Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation

NASL family: SuSE Local Security Checks
NASL id: SUSE_SA_2005_070.NASL
Description: The remote host is missing the patch for the advisory SUSE-SA:2005:070 (ipsec-tools,freeswan,openswan). Openswan, Freeswan and racoon (ipsec-tools) have been updated to fix crashes in aggressive mode. An attacker might send specially crafted packets that can crash racoon or Pluto. The ipsec-tools / racoon crashes are tracked by the Mitre CVE ID CVE-2005-3732. The openswan / freeswan crashes are tracked by the Mitre CVE ID CVE-2005-3671. SUSE Linux Enterprise Server 8 and SUSE Linux 9.0 contain freeswan 1.x and seem not to be affected by this problem.
Last seen: 2019-10-28
Modified: 2005-12-30
Plugin id: 20369
Published: 2005-12-30
Reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/20369
Title: SUSE-SA:2005:070: ipsec-tools,freeswan,openswan

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2005-1092.NASL
Description: NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. The Openswan project has released version 2.4.4 to fix both issues. See http://www.openswan.org/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 20242
Published: 2005-11-22
Reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
Source: https://www.tenable.com/plugins/nessus/20242
Title: Fedora Core 3 : openswan-2.4.4-0.FC3.1 (2005-1092)
References
- http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html
- http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html
- http://jvn.jp/niscc/NISCC-273756/index.html
- http://secunia.com/advisories/17581
- http://secunia.com/advisories/17680
- http://secunia.com/advisories/17980
- http://secunia.com/advisories/18115
- http://securitytracker.com/id?1015214
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
- http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml
- http://www.kb.cert.org/vuls/id/226364
- http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
- http://www.novell.com/linux/security/advisories/2005_70_ipsec.html
- http://www.openswan.org/niscc2/
- http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html
- http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html
- http://www.securityfocus.com/bid/15416