CVE-2005-3671

high

Description

The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

References

http://www.securityfocus.com/bid/15416

http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html

http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html

http://www.openswan.org/niscc2/

http://www.novell.com/linux/security/advisories/2005_70_ipsec.html

http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en

http://www.kb.cert.org/vuls/id/226364

http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml

http://securitytracker.com/id?1015214

http://secunia.com/advisories/18115

http://secunia.com/advisories/17980

http://secunia.com/advisories/17680

http://secunia.com/advisories/17581

http://jvn.jp/niscc/NISCC-273756/index.html

http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html

http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html

Details

Source: Mitre, NVD

Published: 2005-11-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High