Cain & Abel IKE-PSK filter buffer overflow

cain-abel-ikepsk-bo (19742) The risk level is classified as HighHigh Risk

Description:

Cain & Abel is vulnerable to a buffer overflow, caused by improper bounds checking of user-supplied input in the IKE-PSK sniffer filter. By sending a specially-crafted IKE packet, a remote attacker could overflow a buffer and execute arbitrary code on the system.

Platforms Affected:

  • Massimiliano Montoro, Cain & Abel prior to 2.66

Remedy:

Upgrade to the latest version of Cain & Abel (2.66 or later), available from the Cain & Abel Web page. See References.

Consequences:

Gain Access

References:

  • BugTraq Mailing List, Fri Mar 18 2005 - 05:06:09 CST , Cain & Abel PSK Sniffer Heap overflow at http://archives.neohapsis.com/archives/bugtraq/2005-03/0314.html.
  • Cain & Abel Web page, oxid.it at http://www.oxid.it/cain.html.
  • BID-12840: Massimiliano Montoro Cain & Abel PSK Sniffer Remote Heap Buffer Overflow Vulnerability
  • CVE-2005-0807: Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.
  • SA14630: Cain & Abel IKE-PSK / HTTP Sniffer Buffer Overflow Vulnerabilities
  • SECTRACK ID: 1013476: Cain Abel Buffer Overflow in PSK Sniffer Lets Remote Users Execute Arbitrary Code

Reported:

Mar 18, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page