CERT-FI and the NISCC Vulnerability Team published an advisory for an ISAKMP issue which "was identified by the Oulu University Secure Programming Group (OUSPG) from the University of Oulu in Finland."
Juniper rates this as High risk.
Cisco says "When receiving certain malformed packets, vulnerable Cisco devices may reset, causing a temporary Denial of Service (DoS)."
Openswan's announcement - Openswan response to NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
"Openswan is an implementation of IPsec for Linux. It supports kernels 2.0, 2.2, 2.4 and 2.6, and runs on many different platforms, including x86, x86_64, ia64, MIPS and ARM."
StoneGate's advisory says their "Firewall and VPN engine versions 2.6.0 and earlier use a vulnerable version of IKEv1 implementation." "Severity: High". "Recommended Actions: All StoneGate Firewall and VPN users should upgrade their StoneGate Firewall and VPN engines to version 2.6.1 or later."
Secgo has an announcement that says "The following Crypto IP gateway and client versions are vulnerable:
Crypto IP gateway/client 2.3 (all 2.3 versions)
Crypto IP gateway/client 3.0.0 - 3.0.82
Crypto IP client 3.1 (all 3.1 versions)
Crypto IP gateway/client 3.2.0 - 3.2.26".
Original CERT-FI/NISCC announcements are posted here: CERT-FI and NISCC
From the advisory:
"The vulnerabilities described in this advisory affect the Internet Security
Association and Key Management Protocol (ISAKMP), which is used to provide
associations for other security protocols."
"The severity of these vulnerabilities varies by vendor, please see the "Vendor
Information" section below for further information or contact your vendor for
product specific information. These flaws may expose Denial-of-Service conditions,
format string vulnerabilities, and buffer overflows. In some cases, it may be
possible for an attacker to execute code.
ISAKMP/IKE client applications may be harder to attack than server applications
because in some cases, it may be required that clients initialise the negotiation."
Some information from the vendor advisory:
"Juniper Networks, Inc
Bulletin Number: PSN-2005-11-007
Title: IKE version 1 vulnerability issues resulting from OUSPG ISAKMP Test Suite (NISCC/ISAKMP/273756)
Products Affected: All Juniper Networks M/T/J/E-series routers.
Platforms Affected: JUNOS Security / JUNOSe Security"
"Risk Level: High"
"Juniper Networks JUNOS and JUNOSe software is susceptible to certain IPSec ISAKMP/IKE vulnerabilities as exposed by the OUSPG ISAKMP/IKE test suite. Risk assessment is high for Juniper Networks E/M/T/J-series routers."
"A complete list of vendor responses to this vulnerability are not currently
available. Please visit the web site at http://www.niscc.gov.uk/niscc/vulnAdv-en.html
in order to view the latest vendor statements."
Oulu University Secure Programming Group PROTOS Test-Suite: c09-isakmp
Nov 14th 2005