CVE-2006-2298 - Denial Of Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1

- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. Sun has released patches to address the vulnerability.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_X86_118372.NASL
- description: SunOS 5.10_x86: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
- last seen: 2018-09-01
- modified: 2018-08-13
- plugin id: 20333
- published: 2005-12-20
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=20333
- title: Solaris 10 (x86) : 118372-10
- code:

```
#%NASL_MIN_LEVEL 80502

# @DEPRECATED@
#
# This script has been deprecated as the associated patch is not
# currently a recommended security fix.
#
# Disabled on 2011/09/17.

#
# (C) Tenable Network Security, Inc.
#
#

if ( ! defined_func("bn_random") ) exit(0);
include("compat.inc");

if(description)
{
 script_id(20333);
 script_version("1.31");

 script_name(english: "Solaris 10 (x86) : 118372-10");
 script_cve_id("CVE-2005-3666", "CVE-2005-3667", "CVE-2005-3668", "CVE-2005-3674", "CVE-2006-2298", "CVE-2006-4339", "CVE-2006-5201", "CVE-2006-7140");
 script_set_attribute(attribute: "synopsis", value:
"The remote host is missing Sun Security Patch number 118372-10");
 script_set_attribute(attribute: "description", value:
'SunOS 5.10_x86: elfsign patch.
Date this patch was last updated by Sun : Apr/16/07');
 script_set_attribute(attribute: "solution", value:
"You should install this patch for your system to be up-to-date.");
 script_set_attribute(attribute: "see_also", value:
"https://getupdates.oracle.com/readme/118372-10");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_cwe_id(310);
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/20");
 script_cvs_date("Date: 2019/10/25 13:36:22");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/05/08");
 script_end_attributes();

 script_summary(english: "Check for patch 118372-10");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
 family["english"] = "Solaris Local Security Checks";
 script_family(english:family["english"]);

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/Solaris/showrev");
 exit(0);
}

# Deprecated.
exit(0, "The associated patch is not currently a recommended security fix.");
```

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_X86_114435.NASL
- description: SunOS 5.9_x86: IKE patch. Date this patch was last updated by Sun : Aug/09/10
- last seen: 2016-09-26
- modified: 2012-06-14
- plugin id: 13602
- published: 2004-07-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=13602
- title: Solaris 9 (x86) : 114435-16

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS9_113451.NASL
- description: SunOS 5.9: IKE patch. Date this patch was last updated by Sun : Aug/09/10
- last seen: 2016-09-26
- modified: 2012-06-14
- plugin id: 13538
- published: 2004-07-12
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=13538
- title: Solaris 9 (sparc) : 113451-17

- NASL family: Solaris Local Security Checks
- NASL id: SOLARIS10_118371.NASL
- description: SunOS 5.10: elfsign patch. Date this patch was last updated by Sun : Apr/16/07
- last seen: 2018-09-02
- modified: 2018-08-13
- plugin id: 20332
- published: 2005-12-20
- reporter: Tenable
- source: https://www.tenable.com/plugins/index.php?view=single&id=20332
- title: Solaris 10 (sparc) : 118371-10

References
- http://secunia.com/advisories/20050
- http://securitytracker.com/id?1016043
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102246-1
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
- http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
- http://www.securityfocus.com/bid/17902
- http://www.vupen.com/english/advisories/2006/1733
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26311