If you cannot upgrade to a new version, please apply the appropriate
patch as listed at http://www.openswan.org/CVE-2009-0790/
Dead Peer Detection is an IPsec IKE Notification message. It uses
an ICOOKIE/RCOOKIE mechanism to match an incoming packet to a know
Security Association (ISAKMP). Unlike most Notification messages, DPD
notifications have no phase2 state association. Incorrect handling of
this exception can cause a NULL pointer dereference on a non-existing
state object 'st'. This bug is triggered in the case where one end has
expired an ISAKMP state, but the other end still uses the old state
to send a DPD Notification.
IPsec is an IP security feature that provides robust authentication
and encryption of IP packets. IKE is a key management protocol
standard that is used with the IPsec standard.
IKE is a hybrid protocol that implements the Oakley and SKEME key
exchanges inside the Internet Security Association and Key Management
Protocol (ISAKMP) framework. (ISAKMP, Oakley, and SKEME are security
protocols that are implemented by IKE.). More information on IKE is
available at the following link:
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_key_exch_ipsec.html
Cisco IOS® devices that are configured for Internet Key Exchange
(IKE) protocol and certificate based authentication are vulnerable to
a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1
security associations (SA) and prevent the establishment of new IPsec
sessions.
Cisco has released free software updates that address this
vulnerability.
SUMMARY
A Denial of Service (DoS) vulnerability was discovered during standard
bug reporting procedures. A malformed 802.11 probe request frame causes
a crash on the Access Point (AP) causing a temporary DoS condition for
wireless clients. Prior successful security association with the
wireless network is not required to cause this condition. The AP
recovers automatically by restarting itself.
AFFECTED ArubaOS VERSIONS
SUMMARY
A Denial of Service (DoS) vulnerability was discovered during standard
bug reporting procedures. A malformed 802.11 association request frame
causes a crash on the Access Point (AP) causing a temporary DoS
condition for wireless clients. Prior successful security association
with the wireless network is not required to cause this condition. The
AP recovers automatically by restarting itself.
AFFECTED ArubaOS VERSIONS
bug reporting procedures
in the Aruba Mobility Controller. A malformed EAP frame causes a process
crash on the Aruba
Mobility Controller causing a temporary DoS condition for new clients
configured to use EAP
authentication. Prior successful security association is not required to
cause this condition.
The Mobility Controller recovers automatically by restarting the
affected process.
Devices that run software versions 7.0 or 7.1 are not affected by
this vulnerability.
A successful attack may result in a reload of the device.
Remote access VPN connections will have Internet Security Association
and Key Management Protocol (ISAKMP) enabled on an interface with the
crypto command, such as: crypto isakmp enable outside.
This vulnerability is documented in Cisco Bug ID CSCso69942
and has been assigned Common Vulnerabilities and Exposures (CVE)
