Multiple Vendor ISAKMP Protocol Unspecified Issues (PROTOS)

2005-11-14T08:02:33
ID OSVDB:20870
Type osvdb
Reporter PROTOS (protos@ee.oulu.fi)
Modified 2005-11-14T08:02:33

Description

Vulnerability Description

Various products contain a flaw related to the ISAKMP protocol. No further details have been provided.

Technical Description

The vulnerabilities were discovered using the PROTOS test suite "c09-isakmp".

Solution Description

Sun Microsystems, Inc.: Solaris 9: SPARC - Apply T-patch T113451-10. x86 - Apply T-patch T114435-09.

Solaris 10: SPARC - Apply T-patch T118371-06. x86 - Apply T-patch T118372-06.

Juniper Networks, Inc.: JUNOS: Upgrade to version 6.4 2005-07-28 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

JUNOSe: Upgrade to version 5-2-4p0-8, 5-2-5, 5-3-4p0-5, 6-0-2p0-5, 6-0-3, 6-1-1p0-7, 6-1-2, 7-0-0p0-1, 7-0-1, and 7-1-0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Stonesoft: StoneGate Firewall: Upgrade to version 2.6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

StoneGate VPN Client: Upgrade to version 2.6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Openswan: Upgrade to version 2.4.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Secgo Software Oy: Upgrade to version 3.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Nortel Networks: Contact Nortel Networks for upgrade information.

Cisco Systems, Inc.: Visit http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml#software for patch information.

Short Description

Various products contain a flaw related to the ISAKMP protocol. No further details have been provided.

References:

Security Tracker: 1015210, 1015214, 1015199, 1015201, 1015198, 1015202, 1015340, 1015727, 1015200, 1015203, 1015209
Secunia Advisory ID: 17554, 17621, 17980, 18115, 17566, 17608, 17593, 20210, 17553, 19174, 19233, 17567, 17568, 17581, 17617, 17598, 17680, 18836
Related OSVDB ID: 20822
Other Advisory URL: http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml
Other Advisory URL: http://isc.sans.org/diary.php?storyid=848
Other Advisory URL: http://www.uniras.gov.uk/niscc/docs/br-20051114-01013.html?lang=en
Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Dec/0007.html
Other Advisory URL: http://www.ficora.fi/englanti/document/ISAKMP.pdf
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-11/0221.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0403.html
Keyword: CERT-FI: 7710
Keyword: Internet Security Association and Key Management Protocol
Keyword: NISCC Vulnerability Advisory 273756/NISCC/ISAKMP
Keyword: PROTOS
Keyword: HPSBTU02100,SSRT050979,c00602119
Generic Informational URL: http://www.ietf.org/rfc/rfc2408.txt
Generic Informational URL: http://www.ietf.org/rfc/rfc2401.txt
Generic Informational URL: http://www.ietf.org/rfc/rfc2409.txt
Generic Exploit URL: http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/index.html
CVE-2005-3666
CVE-2005-3733
CVE-2005-3667
CVE-2005-3768