Vulnerabilities > CVE-2005-3732 - Resource Management Errors vulnerability in Ipsec-Tools
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-221-1.NASL description The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon daemon. Please be aware that racoon is not officially supported by Ubuntu, the package is in the last seen 2020-06-01 modified 2020-06-02 plugin id 20763 published 2006-01-21 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20763 title Ubuntu 4.10 / 5.04 / 5.10 : ipsec-tools vulnerability (USN-221-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-221-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20763); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-3732"); script_xref(name:"USN", value:"221-1"); script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : ipsec-tools vulnerability (USN-221-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon. When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase. A malicious IPsec peer could exploit this to crash the racoon daemon. Please be aware that racoon is not officially supported by Ubuntu, the package is in the 'universe' component of the archive. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"solution", value:"Update the affected ipsec-tools and / or racoon packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ipsec-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:racoon"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"4.10", pkgname:"ipsec-tools", pkgver:"0.3.3-1ubuntu0.2")) flag++; if (ubuntu_check(osver:"4.10", pkgname:"racoon", pkgver:"0.3.3-1ubuntu0.2")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"ipsec-tools", pkgver:"0.5-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"racoon", pkgver:"0.5-5ubuntu0.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ipsec-tools", pkgver:"0.6-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"racoon", pkgver:"0.6-1ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools / racoon"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-965.NASL description The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, try to dereference a NULL pointer under certain conditions which allows a remote attacker to cause a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 22831 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22831 title Debian DSA-965-1 : ipsec-tools - null dereference code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-965. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22831); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:20"); script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732"); script_bugtraq_id(15523); script_xref(name:"DSA", value:"965"); script_name(english:"Debian DSA-965-1 : ipsec-tools - null dereference"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "The Internet Key Exchange version 1 (IKEv1) implementation in racoon from ipsec-tools, IPsec tools for Linux, try to dereference a NULL pointer under certain conditions which allows a remote attacker to cause a denial of service." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340584" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-965" ); script_set_attribute( attribute:"solution", value: "Upgrade the racoon package. The old stable distribution (woody) does not contain ipsec-tools. For the stable distribution (sarge) this problem has been fixed in version 0.5.2-1sarge1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ipsec-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/02/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"ipsec-tools", reference:"0.5.2-1sarge1")) flag++; if (deb_check(release:"3.1", prefix:"racoon", reference:"0.5.2-1sarge1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0267.NASL description Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim last seen 2020-06-01 modified 2020-06-02 plugin id 21894 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21894 title CentOS 3 / 4 : ipsec-tools (CESA-2006:0267) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0267 and # CentOS Errata and Security Advisory 2006:0267 respectively. # include("compat.inc"); if (description) { script_id(21894); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732"); script_xref(name:"RHSA", value:"2006:0267"); script_name(english:"CentOS 3 / 4 : ipsec-tools (CESA-2006:0267)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim's machine has racoon configured in a non-recommended insecure manner, it is possible for a remote attacker to crash the racoon daemon. (CVE-2005-3732) Users of ipsec-tools should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues." ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012840.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?866c8e4d" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012841.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6054d165" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012844.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ae2c7536" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012847.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7ed32df9" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012850.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ea5e2fe6" ); # https://lists.centos.org/pipermail/centos-announce/2006-April/012851.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?223567ca" ); script_set_attribute( attribute:"solution", value:"Update the affected ipsec-tools package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ipsec-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"ipsec-tools-0.2.5-0.7.rhel3.3")) flag++; if (rpm_check(release:"CentOS-4", reference:"ipsec-tools-0.3.3-6.rhel4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200512-04.NASL description The remote host is affected by the vulnerability described in GLSA-200512-04 (Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation) The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid or abnormal contents. Impact : A remote attacker could craft specific packets that would result in a Denial of Service attack, if Openswan and racoon are used in specific, weak configurations. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20313 published 2005-12-15 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20313 title GLSA-200512-04 : Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200512-04. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(20313); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2005-3671", "CVE-2005-3732"); script_xref(name:"GLSA", value:"200512-04"); script_name(english:"GLSA-200512-04 : Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200512-04 (Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation) The Oulu University Secure Programming Group (OUSPG) discovered that various ISAKMP implementations, including Openswan and racoon (included in the IPsec-Tools package), behave in an anomalous way when they receive and handle ISAKMP Phase 1 packets with invalid or abnormal contents. Impact : A remote attacker could craft specific packets that would result in a Denial of Service attack, if Openswan and racoon are used in specific, weak configurations. Workaround : There is no known workaround at this time." ); # http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/ script_set_attribute( attribute:"see_also", value:"https://www.ee.oulu.fi/research/ouspg/PROTOS_Test-Suite_c09-isakmp" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200512-04" ); script_set_attribute( attribute:"solution", value: "All Openswan users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/openswan-2.4.4' All IPsec-Tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose net-firewall/ipsec-tools" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ipsec-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openswan"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-misc/openswan", unaffected:make_list("ge 2.4.4"), vulnerable:make_list("lt 2.4.4"))) flag++; if (qpkg_check(package:"net-firewall/ipsec-tools", unaffected:make_list("ge 0.6.3", "rge 0.6.2-r1", "rge 0.4-r2"), vulnerable:make_list("lt 0.6.3"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Openswan / IPsec-Tools"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0267.NASL description Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim last seen 2020-06-01 modified 2020-06-02 plugin id 21286 published 2006-04-26 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21286 title RHEL 3 / 4 : ipsec-tools (RHSA-2006:0267) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0267. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(21286); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3732"); script_xref(name:"RHSA", value:"2006:0267"); script_name(english:"RHEL 3 / 4 : ipsec-tools (RHSA-2006:0267)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated ipsec-tools packages that fix a bug in racoon are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The ipsec-tools package is used in conjunction with the IPsec functionality in the linux kernel and includes racoon, an IKEv1 keying daemon. A denial of service flaw was found in the ipsec-tools racoon daemon. If a victim's machine has racoon configured in a non-recommended insecure manner, it is possible for a remote attacker to crash the racoon daemon. (CVE-2005-3732) Users of ipsec-tools should upgrade to these updated packages, which contain backported patches, and are not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-3732" ); # http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a4692bd8" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2006:0267" ); script_set_attribute( attribute:"solution", value:"Update the affected ipsec-tools package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipsec-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/11/18"); script_set_attribute(attribute:"patch_publication_date", value:"2006/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/04/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2006:0267"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"ipsec-tools-0.2.5-0.7.rhel3.3")) flag++; if (rpm_check(release:"RHEL4", reference:"ipsec-tools-0.3.3-6.rhel4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipsec-tools"); } }NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_070.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:070 (ipsec-tools,freeswan,openswan). Openswan, Freeswan and raccoon (ipsec-tools) have been updated to fix crashes in aggressive mode. An attacker might send specially crafted packets that can crash racoon or Pluto. The ipsec-tools / racoon crashes are tracked by the Mitre CVE ID CVE-2005-3732. The openswan / freeswan crashes are tracked by the Mitre CVE ID CVE-2005-3671. SUSE Linux Enterprise Server 8 and SUSE Linux 9.0 contain freeswan 1.x and seem no to be affected by this problem. last seen 2019-10-28 modified 2005-12-30 plugin id 20369 published 2005-12-30 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20369 title SUSE-SA:2005:070: ipsec-tools,freeswan,openswan NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-020.NASL description The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The updated packages have been patched to correct this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 20809 published 2006-01-26 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20809 title Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2006:020)
Oval
| accepted | 2013-04-29T04:22:48.577-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9857 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
- http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html
- http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/ipsec-tools/src/racoon/isakmp_agg.c?r1=1.20.2.3&r2=1.20.2.4&diff_format=u
- http://rhn.redhat.com/errata/RHSA-2006-0267.html
- http://secunia.com/advisories/17668
- http://secunia.com/advisories/17822
- http://secunia.com/advisories/17980
- http://secunia.com/advisories/18115
- http://secunia.com/advisories/18616
- http://secunia.com/advisories/18742
- http://secunia.com/advisories/19833
- http://secunia.com/advisories/20210
- http://securitytracker.com/id?1015254
- http://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000
- http://www.debian.org/security/2006/dsa-965
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
- http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:020
- http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
- http://www.novell.com/linux/security/advisories/2005_70_ipsec.html
- http://www.securityfocus.com/archive/1/436343/100/0/threaded
- http://www.securityfocus.com/bid/15523
- http://www.vupen.com/english/advisories/2005/2521
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9857
- https://usn.ubuntu.com/221-1/