• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Openswan IKE Traffic Denial Of Service Vulnerabilities

Openswan is prone to multiple denial-of-service vulnerabilities in their ISAKMP implementation. Only attackers with access to the pre-shared key may exploit these issues, and only when the affected IKE daemon is configured to use aggressive mode.

These issues were discovered with the PROTOS ISAKMP Test Suite and are related to the handling of malformed IKEv1 traffic.

The vulnerabilities are believed to affect Openswan 2.x releases prior to 2.4.2.