Sun Solaris libike in.iked(1M) denial of service

solaris-libike-dos (26311) The risk level is classified as MediumMedium Risk

Description:

Sun Solaris could allow a remote attacker to cause a denial of service against the in.iked daemon, caused by an unspecified vulnerability in the libike library. If a remote attacker with valid authentication credentials initiates an IKE key exchange using a malformed payload, the attacker could cause the in.iked daemon to crash.


Consequences:

Denial of Service

Remedy:

Refer to Sun Alert ID: 102246 for patch, upgrade, or suggested workaround information. See References.

References:

  • Sun Alert ID: 102246: A Security Vulnerability in the "libike" Library May Potentially Cause a Denial of Service to the in.iked(1M) Daemon.
  • BID-17902: Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
  • CVE-2006-2298: The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
  • OSVDB ID: 25356: Solaris libike in.iked Remote DoS
  • OSVDB ID: 36584: Solaris libike Library in.iked Unspecified Remote DoS
  • SA20050: Sun Solaris libike Denial of Service Vulnerability
  • SECTRACK ID: 1016043: Sun Solaris libike IPSec IKE Processing Bug Lets Remote Users Deny Service
  • VUPEN/ADV-2006-1733: Sun Solaris libike Library IKE Exchange Remote Denial of Service Vulnerability

Platforms Affected:

  • Sun Solaris 10 SPARC
  • Sun Solaris 10 x86
  • Sun Solaris 9 SPARC
  • Sun Solaris 9 x86

Reported:

May 08, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page