BugTraq
[ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation Dec 12 2005 02:41PM
Thierry Carrez (koon gentoo org) (1 replies)
Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation Dec 13 2005 08:49PM
Paul Wouters (paul xelerance com) (1 replies)
On Mon, 12 Dec 2005, Thierry Carrez wrote:

> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200512-04
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Normal
> Title: Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol
> implementation
> Date: December 12, 2005
> Bugs: #112568, #113201
> ID: 200512-04

> Openswan and IPsec-Tools suffer from an implementation flaw which may
> allow a Denial of Service attack.

That is correct (for openswan)

> Impact
> ======
>
> A remote attacker can create a specially crafted packet using 3DES with
> an invalid key length, resulting in a Denial of Service attack, format
> string vulnerabilities or buffer overflows.

That's a copy and paste from the IPsec proto testsuite.

1) It conflicts with the above comment that this is only a DOS
2) It's incorrect (for openswan)

> Workaround
> ==========
>
> Avoid using "aggressive mode" in ISAKMP Phase 1, which exchanges
> information between the sides before there is a secure channel.

In fact, you would to both have aggressive mode enabled AND know the PSK.
If you have those two enabled, you are vulnerable to a MITM anyway, since
any client knowing the PSK can pretend to be the IPsec security gateway.

Paul

[ reply ]
Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAK MP Protocol implementation Dec 14 2005 10:24AM
VANHULLEBUS Yvan (yvan vanhullebus netasq com)


 

Privacy Statement
Copyright 2010, SecurityFocus