
Dead Peer Detection

CVE-2009-0790: ISAKMP DPD Remote Vulnerability with Openswan & Strongswan IPsec

==========================================================================
Openswan & Strongswan Security Notification  March 30, 2009
Remote DoS Vulnerability in Openswan & Strongswan IPsec
CVE-2009-0790
==========================================================================
A vulnerability in the Dead Peer Detection (RFC-3706) code was found by
Gerd v. Egidy <gerd.von.egidy@intra2net.com> of Intra2net AG affecting
all Openswan and all Strongswan releases.

A malicious (or expired ISAKMP) R_U_THERE or R_U_THERE_ACK Dead Peer
Detection packet can cause the pluto IKE daemon to crash and restart. No

NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration

     Nonce(20 bytes)
     ID(Type=ID_FQDN, Value=Pix.domain.com)
     Hash(20 bytes)
     VID=12f5f28c457168a9702d9fe274cc0100 (Cisco Unity)
     VID=09002689dfd6b712 (XAUTH)
     VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
     VID=4048b7d56ebce88525e7de7f00d6c2d3c0000000 (IKE Fragmentation)
     VID=1f07f70eaa6514d3b0fa96542a500100 (Cisco VPN Concentrator)

Ending ike-scan 1.9: 1 hosts scanned in 0.031 seconds (32.19 hosts/sec).  1
returned handshake; 0 returned notify

[ GLSA 200909-05 ] Openswan: Denial of Service

===========

Multiple vulnerabilities have been discovered in Openswan:

* Gerd v. Egidy reported a NULL pointer dereference in the Dead Peer
  Detection of the pluto IKE daemon as included in Openswan
  (CVE-2009-0790).

* The Orange Labs vulnerability research team discovered multiple
  vulnerabilities in the ASN.1 parser (CVE-2009-2185).



