Vulnerabilities > CVE-2008-1198 - Unspecified vulnerability in Redhat Enterprise Linux 3.0/4.0/5.0

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
redhat
nessus

Summary

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

Vulnerable Configurations

Part Description Count
Application
Redhat
1
OS
Redhat
2

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120221_INITSCRIPTS_ON_SL5_X.NASL
    descriptionThe initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash. (CVE-2008-1198) This update also fixes the following bugs : - Prior to this update, the DHCPv6 client was not terminated when the network service was stopped. This update modifies the source so that the client is now terminated when stopping the network service. - Prior to this update, on some systems the rm command failed and reported the error message
    last seen2020-03-18
    modified2012-08-01
    plugin id61263
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61263
    titleScientific Linux Security Update : initscripts on SL5.x i386/x86_64 (20120221)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2012-0312.NASL
    descriptionAn updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash. (CVE-2008-1198) Red Hat would like to thank Aleksander Adamowski for reporting this issue. This update also fixes the following bugs : * Prior to this update, the DHCPv6 client was not terminated when the network service was stopped. This update modifies the source so that the client is now terminated when stopping the network service. (BZ#568896) * Prior to this update, on some systems the rm command failed and reported the error message
    last seen2020-04-16
    modified2012-02-21
    plugin id58066
    published2012-02-21
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58066
    titleRHEL 5 : initscripts (RHSA-2012:0312)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2012-0312.NASL
    descriptionFrom Red Hat Security Advisory 2012:0312 : An updated initscripts package that fixes one security issue and four bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec (Internet Protocol Security) ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key (PSK) hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash. (CVE-2008-1198) Red Hat would like to thank Aleksander Adamowski for reporting this issue. This update also fixes the following bugs : * Prior to this update, the DHCPv6 client was not terminated when the network service was stopped. This update modifies the source so that the client is now terminated when stopping the network service. (BZ#568896) * Prior to this update, on some systems the rm command failed and reported the error message
    last seen2020-06-01
    modified2020-06-02
    plugin id68483
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68483
    titleOracle Linux 5 : initscripts (ELSA-2012-0312)

Redhat

advisories
bugzilla
id679998
title[REG][5.6] rm command reports an error message during system booting.
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commentinitscripts is earlier than 0:8.45.42-1.el5
      ovaloval:com.redhat.rhsa:tst:20120312001
    • commentinitscripts is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20120312002
rhsa
idRHSA-2012:0312
released2012-02-21
severityLow
titleRHSA-2012:0312: initscripts security and bug fix update (Low)
rpms
  • initscripts-0:8.45.42-1.el5
  • initscripts-debuginfo-0:8.45.42-1.el5

Statements

contributorMark J Cox
lastmodified2008-03-07
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1198 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.