CVE-2005-3671 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-3671
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-3671

Description: The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

CVE Status: Candidate

References: SUSE http://www.novell.com/linux/security/advisories/2005_70_ipsec.html ST 1015214 SAID Secunia Advisory: SA18115 Secunia Advisory: SA17581 Secunia Advisory: SA17980 Secunia Advisory: SA17680 MISC http://jvn.jp/niscc/NISCC-273756/index.html http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/ GENTOO http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml FEDORA http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html CONFIRM http://www.openswan.org/niscc2/ CERT-VN 226364 BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html BID 15416

Return to the previous page.