Cisco Multiple Product IKE Phase-1 Packet Saturation DoS

2006-07-26T15:55:01
ID OSVDB:29068
Type osvdb
Reporter Roy Hills (Roy.Hills@nta-monitor.com)
Modified 2006-07-26T15:55:01

Description

Vulnerability Description

Multiple Cisco products contain a flaw that may allow a remote denial of service. The issue is triggered when IKE Phase-1 packets are sent to a VPN-enabled product at a faster rate than the session expiry setting on the device, and will result in loss of availability for the service.

Technical Description

Cisco states that this is a flaw in the IKE Phase-1 protocol, and so other products that implement the protocol may also be vulnerable.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

Cisco provides mitigation techniques for each vulnerable product in the referenced vendor advisory.

Short Description

Multiple Cisco products contain a flaw that may allow a remote denial of service. The issue is triggered when IKE Phase-1 packets are sent to a VPN-enabled product at a faster rate than the session expiry setting on the device, and will result in loss of availability for the service.

References:

Vendor Specific Advisory URL
Security Tracker: 1016582
Other Advisory URL: http://www.nta-monitor.com/posts/2006/07/cisco-concentrator-dos.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0531.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0467.html
ISS X-Force ID: 27972
CVE-2006-3906
Bugtraq ID: 19176