CVE-2005-3671 - Denial Of Service vulnerability in Openswan IKE Traffic

CVSS 7.8 - HIGH

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: COMPLETE

Tags: network, low complexity, frees-wan, openswan, xelerance, nessus

Summary

The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-1093.NASL
    description: NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. The Openswan project has released version 2.4.4 to fix both issues. See http://www.openswan.org/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20243
    published: 2005-11-22
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20243
    title: Fedora Core 4 : openswan-2.4.4-1.0.FC4.1 (2005-1093)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_10753.NASL
    description: This update fixes the following security problem : - specially crafted packets could crash pluto as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. (CVE-2005-3671)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41085
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41085
    title: SuSE9 Security Update : freeswan (YOU Patch Number 10753)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200512-04.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200512-04 (Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation) The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid or abnormal contents. Impact : A remote attacker could craft specific packets that would result in a Denial of Service attack, if Openswan and racoon are used in specific, weak configurations. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20313
    published: 2005-12-15
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20313
    title: GLSA-200512-04 : Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2005_070.NASL
    description: The remote host is missing the patch for the advisory SUSE-SA:2005:070 (ipsec-tools,freeswan,openswan). Openswan, Freeswan and racoon (ipsec-tools) have been updated to fix crashes in aggressive mode. An attacker might send specially crafted packets that can crash racoon or Pluto. The ipsec-tools / racoon crashes are tracked by the Mitre CVE ID CVE-2005-3732. The openswan / freeswan crashes are tracked by the Mitre CVE ID CVE-2005-3671. SUSE Linux Enterprise Server 8 and SUSE Linux 9.0 contain freeswan 1.x and seem not to be affected by this problem.
    last seen: 2019-10-28
    modified: 2005-12-30
    plugin id: 20369
    published: 2005-12-30
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20369
    title: SUSE-SA:2005:070: ipsec-tools,freeswan,openswan
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-1092.NASL
    description: NISCC has reported two Denial of Service issues in Openswan. The first involves a specially crafted 3DES packet with an invalid key length. The Openswan project has released version 2.4.4 to fix both issues. See http://www.openswan.org/ for details. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20242
    published: 2005-11-22
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20242
    title: Fedora Core 3 : openswan-2.4.4-0.FC3.1 (2005-1092)