Vulnerabilities > CVE-2008-1198 - Unspecified vulnerability in Redhat Enterprise Linux 3.0/4.0/5.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
NONE Availability impact
NONE Summary
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 2 |
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20120221_INITSCRIPTS_ON_SL5_X.NASL description The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash. (CVE-2008-1198) This update also fixes the following bugs : - Prior to this update, the DHCPv6 client was not terminated when the network service was stopped. This update modifies the source so that the client is now terminated when stopping the network service. - Prior to this update, on some systems the rm command failed and reported the error message last seen 2020-03-18 modified 2012-08-01 plugin id 61263 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61263 title Scientific Linux Security Update : initscripts on SL5.x i386/x86_64 (20120221) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0312.NASL description An updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash. (CVE-2008-1198) Red Hat would like to thank Aleksander Adamowski for reporting this issue. This update also fixes the following bugs : * Prior to this update, the DHCPv6 client was not terminated when the network service was stopped. This update modifies the source so that the client is now terminated when stopping the network service. (BZ#568896) * Prior to this update, on some systems the rm command failed and reported the error message last seen 2020-04-16 modified 2012-02-21 plugin id 58066 published 2012-02-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58066 title RHEL 5 : initscripts (RHSA-2012:0312) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0312.NASL description From Red Hat Security Advisory 2012:0312 : An updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash. (CVE-2008-1198) Red Hat would like to thank Aleksander Adamowski for reporting this issue. This update also fixes the following bugs : * Prior to this update, the DHCPv6 client was not terminated when the network service was stopped. This update modifies the source so that the client is now terminated when stopping the network service. (BZ#568896) * Prior to this update, on some systems the rm command failed and reported the error message last seen 2020-06-01 modified 2020-06-02 plugin id 68483 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68483 title Oracle Linux 5 : initscripts (ELSA-2012-0312)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|
Statements
| contributor | Mark J Cox |
| lastmodified | 2008-03-07 |
| organization | Red Hat |
| statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1198 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |