CVE-2005-3671

Name of the Vulnerable Software and Affected Versions openswan versions prior to 2.4.4 freeswan version prior to 2.04 1.5.4-1.23

Description The issue allows remote attackers to cause a denial of service via crafted packets or unspecified inputs when Aggressive Mode is enabled and the PSK is known. This can be exploited to produce a denial of service. The vulnerability was identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec.

Recommendations For openswan versions prior to 2.4.4, update to version 2.4.4 or later to address the vulnerability. For freeswan version prior to 2.04 1.5.4-1.23, update to version 2.04 1.5.4-1.23 or later to address the vulnerability. As a temporary workaround, consider disabling Aggressive Mode until a patch is available. Restrict access to the affected IPSec IKE implementation to minimize the risk of exploitation.