Fergie's Tech Blog: ISAKMP Protocol Implementation Internet Key Exchange Vulnerabilities

Monday, November 14, 2005

ISAKMP Protocol Implementation Internet Key Exchange Vulnerabilities

Via FrSIRT.

Advisory ID : FrSIRT/ADV-2005-2405
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-14

Technical Description

Multiple vulnerabilities were identified in the Internet Security Association and Key Management Protocol (ISAKMP), which may be exploited by remote attackers to cause a denial of service or execute arbitrary commands. These issues are due to errors in certain ISAKMP implementations that do not properly handle IKE (Internet Key Exchange) Phase 1 packets with invalid and/or abnormal contents, which could be exploited by attackers to cause denial of service conditions or compromise vulnerable systems.

Note : The severity and impact of these vulnerabilities vary by vendor.

Affected Products

Internet Security Association and Key Management Protocol (ISAKMP)
Internet Key Exchange version 1 (IKEv1)

Solution

Use packet filters and accept ISAKMP negotiations only from trusted sources.

References

http://www.frsirt.com/english/advisories/2005/2405
http://www.niscc.gov.uk/niscc/docs/br-20051114-01013.html?lang=en

Fergie's Tech Blog

Monday, November 14, 2005

ISAKMP Protocol Implementation Internet Key Exchange Vulnerabilities

0 Comments:

About Me

Previous Posts