CVE-2005-4565

Name of the Vulnerable Software and Affected Versions ADTRAN NetVanta versions prior to 10.03.03.E Multiple Cisco products (affected versions not specified)

Description The issue is related to a format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation, which might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets. This vulnerability was identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service.

Recommendations For ADTRAN NetVanta versions prior to 10.03.03.E, update to version 10.03.03.E or later. For Multiple Cisco products, Cisco has made free software available to address this vulnerability, so customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment, and then deploy the available software. As a temporary workaround, consider restricting the processing of IPSec IKE messages to minimize the risk of exploitation.