CVE-2005-3668

Name of the Vulnerable Software and Affected Versions Cisco IOS (affected versions not specified) Multiple Cisco products (affected versions not specified)

Description The issue is related to multiple buffer overflows in implementations of Internet Key Exchange version 1 (IKEv1), which can lead to denial of service. The vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec. These vulnerabilities can be repeatedly exploited to produce a denial of service.

Recommendations For Cisco IOS, update to a version that includes the fix for this issue, and prior to deploying software, consult the maintenance provider or check the software for feature set compatibility and known issues specific to the environment. For Multiple Cisco products, update to a version that includes the fix for this issue, and prior to deploying software, consult the maintenance provider or check the software for feature set compatibility and known issues specific to the environment. As a temporary workaround, consider restricting the processing of IPSec IKE messages to minimize the risk of exploitation.