PT-2005-5616 · Unknown+3 · Ipsec-Tools+5
Publicado
1970-01-01
·
Atualizado
2018-10-19
·
CVE-2005-3732
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
openswan versions prior to 2.4.4
ipsec-tools versions prior to 0.6.3
Description
The issue concerns multiple vulnerabilities in the openswan and ipsec-tools packages, which can lead to a denial of service, resulting in the disruption of protected information availability. These vulnerabilities can be exploited remotely. The vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.
Recommendations
For openswan versions prior to 2.4.4, update to version 2.4.4 or later to address the vulnerabilities.
For ipsec-tools versions prior to 0.6.3, update to version 0.6.3 or later to address the vulnerabilities.
As a temporary workaround, consider restricting access to the
isakmp agg.c implementation in racoon to minimize the risk of exploitation.Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Asa
Cisco Ios
Cisco Wls
Red Hat
Ipsec-Tools
Openswan