OpenSWAN IPSec implementation XAUTH authentication buffer overflow

pluto process stack based buffer overflow...

CVE-2004-2678

Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2BL22 and PK3BL24, and 5.1A PK6BL24, when using IPsec/IKE Internet Key Exchange with Certificates, allows remote attackers to gain privileges via unknown attack vectors...

Microsoft Windows Internet Naming Service (WINS) contains a buffer overflow

Overview A buffer overflow in the WINS service may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description The Microsoft WINS service maps IP addresses to NETBIOS computer names.The WINS protocol contains a vulnerability that may allow a remote attack...

Debian DSA-201-1 : freeswan - denial of service

Bindview discovered a problem in several IPSEC implementations that do not properly handle certain very short packets. IPSEC is a set of security extensions to IP which provide authentication and encryption. Free/SWan in Debian is affected by this and is said to cause a kernel panic. %NASLMINLEVE...

Mac OS X Multiple Vulnerabilities (Security Update 2004-09-07)

The remote host is missing Security Update 2004-09-07. This security update fixes the following components : - CoreFoundation - IPSec - Kerberos - libpcap - lukemftpd - NetworkConfig - OpenLDAP - OpenSSH - PPPDialer - rsync - Safari - tcpdump These applications contain multiple vulnerabilities th...

Cisco VPN Concentrator LAN-to-LAN IPSEC Tunnel Termination DoS (Bug ID CSCdx54675)

Binary data 2237.prm...

Cisco VPN Concentrator LAN-to-LAN IPSEC Tunnel Termination DoS (Bug ID CSCdx54675)

Binary data 2238.prm...

Cisco VPN Concentrator LAN-to-LAN IPSEC Tunnel Termination DoS (Bug ID CSCdx54675)

Binary data 2239.prm...

CVE-2002-1092

CVE-2002-1092 affects Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, where using internal authentication with group accounts and no user accounts allows remote VPN clients to log in via PPTP or IPSEC user authentication. Root cause identified in multiple advisories for the Cisco VPN...

CVE-2002-1102

CVE-2002-1102 affects Cisco VPN 3000 Concentrator LAN-to-LAN IPSEC capability (versions 2.2.x and 3.x before 3.5.4). A remote attacker can trigger a denial of service by initiating a LAN-to-LAN connection that conflicts with an existing security association, causing the concentrator to terminate ...

CVE-2002-1092

Cisco VPN 3000 Concentrator 3.6Rel and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication...

GLSA-200406-20 : FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling

The remote host is affected by the vulnerability described in GLSA-200406-20 FreeS/WAN, Openswan, strongSwan: Vulnerabilities in certificate handling All these IPsec implementations have several bugs in the verifyx509cert function, which performs certificate validation, that make them vulnerable ...

GLSA-200406-17 : IPsec-Tools: authentication bug in racoon

The remote host is affected by the vulnerability described in GLSA-200406-17 IPsec-Tools: authentication bug in racoon The KAME IKE daemon racoon is used to authenticate peers during Phase 1 when using either preshared keys, GSS-API, or RSA signatures. When using RSA signatures racoon validates t...

GLSA-200404-05 : ipsec-tools contains an X.509 certificates vulnerability.

The remote host is affected by the vulnerability described in GLSA-200404-05 ipsec-tools contains an X.509 certificates vulnerability. racoon a utility in the ipsec-tools package does not verify digital signatures on Phase1 packets. This means that anybody holding the correct X.509 certificate...

GLSA-200404-17 : ipsec-tools and iputils contain a remote DoS vulnerability

The remote host is affected by the vulnerability described in GLSA-200404-17 ipsec-tools and iputils contain a remote DoS vulnerability When racoon receives an ISAKMP header, it allocates memory based on the length of the header field. Thus, an attacker may be able to cause a Denial of Services b...

AIX 5.1 : IY37069

The remote host is missing AIX Critical Security Patch number IY37069 SECURITY: Inadequate validation in IPsec packets. You should install this patch for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

Multiple memory leak vulnerabilities in isakmpd

Overview Multiple memory handling vulnerabilities exist in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security...

isakmpd fails to handle ISAKMP packets with "Payload Length" of zero

Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...

Integer underflow vulnerability in isakmpd "Certificate Request Payload" handling

Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:027)

A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not very the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified, the certificate is not used to...