HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
BID:17030
Info
HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
| Bugtraq ID: | 17030 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2005-3670 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2006 12:00AM |
| Updated: | Jun 27 2007 08:28PM |
| Credit: | Discovery is credited to NISCC, CERT-FI, and the Oulu University Secure Programming Group. |
| Vulnerable: |
HP Tru64 5.1 B-3 HP Tru64 5.1 B-2 PK4 |
| Not Vulnerable: | |
Discussion
HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
HP Tru64 is prone to denial-of-service vulnerabilities. These issues are due to security flaws in HP's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to the handling of malformed IKEv1 traffic.
HP Tru64 is prone to denial-of-service vulnerabilities. These issues are due to security flaws in HP's IPSec implementation. These vulnerabilities may be triggered by malformed IKE traffic.
These issues were discovered with the PROTOS ISAKMP Test Suite and are related to the handling of malformed IKEv1 traffic.
Exploit / POC
HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
These issues can be reproduced using the PROTOS ISAKMP Test Suite.
These issues can be reproduced using the PROTOS ISAKMP Test Suite.
Solution / Fix
HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
Solution:
The vendor has released advisory HPSBTU02100 SSRT050979 to address these issues. Please see the referenced advisory for information on obtaining fixes.
Solution:
The vendor has released advisory HPSBTU02100 SSRT050979 to address these issues. Please see the referenced advisory for information on obtaining fixes.
References
HP Tru64 IKE Exchange Denial Of Service Vulnerabilities
References:
References: