Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2005-3732

Published: 21/11/2005 Updated: 19/10/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Ipsec-tools

Vulnerability Summary

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in racoon in ipsec-tools prior to 0.6.3, when running in aggressive mode, allows remote malicious users to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Vulnerable Product Search on Vulmon Subscribe to Product

ipsec-tools ipsec-tools 0.5.2

ipsec-tools ipsec-tools 0.6

ipsec-tools ipsec-tools 0.6.1

ipsec-tools ipsec-tools 0.6.2

ipsec-tools ipsec-tools 0.5

ipsec-tools ipsec-tools 0.5.1

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2005-3732: Minor DoS vulnerabilities unveiled by the PROTOS IKE test suite
Debian Bug report logs - #340584 CVE-2005-3732: Minor DoS vulnerabilities unveiled by the PROTOS IKE test suite Package: ipsec-tools; Maintainer for ipsec-tools is ipsec-tools packagers <team+ipsec-tools@trackerdebianorg>; Source for ipsec-tools is src:ipsec-tools (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <j ...
Ubuntu Security Notice: ipsec-tools vulnerability
The Oulu University Secure Programming Group discovered a remote Denial of Service vulnerability in the racoon daemon When the daemon is configured to use aggressive mode, then it did not check whether the peer sent all required payloads during the IKE negotiation phase A malicious IPsec peer could exploit this to crash the racoon daemon ...
Cisco: Multiple Vulnerabilities Found by PROTOS IPSec Test Suite
Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key Exchange) messages These vulnerabilities were identified by the University of Oulu Secure Programming Group (OUSPG) "PROTOS" Test Suite for IPSec and can be repeatedly exploited to produce a denial of service Cisco has made free software availa ...

References

CWE-399http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=enhttp://sourceforge.net/mailarchive/forum.php?thread_id=9017454&forum_id=32000http://cvs.sourceforge.net/viewcvs.py/ipsec-tools/ipsec-tools/src/racoon/isakmp_agg.c?r1=1.20.2.3&r2=1.20.2.4&diff_format=uhttp://www.securityfocus.com/bid/15523http://secunia.com/advisories/17668http://securitytracker.com/id?1015254http://secunia.com/advisories/17822http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200512-04.xmlhttp://www.novell.com/linux/security/advisories/2005_70_ipsec.htmlhttp://secunia.com/advisories/18115http://secunia.com/advisories/17980http://secunia.com/advisories/18616http://secunia.com/advisories/18742http://rhn.redhat.com/errata/RHSA-2006-0267.htmlhttp://secunia.com/advisories/19833ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.aschttp://secunia.com/advisories/20210http://www.mandriva.com/security/advisories?name=MDKSA-2006:020http://www.vupen.com/english/advisories/2005/2521http://www.debian.org/security/2006/dsa-965https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9857https://usn.ubuntu.com/221-1/http://www.securityfocus.com/archive/1/436343/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340584https://usn.ubuntu.com/221-1/https://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20051114-ipsec
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-25525CVE-2024-4652CVE-2024-1438CVE-2024-4671CVE-2024-34351arbitrary CVE-2024-4650SQL injectionoverflow
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook