CVE-2006-1646

Sažetak

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

Reference

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-003.txt.asc
http://mail-index.netbsd.org/source-changes/2006/01/19/0017.html
http://secunia.com/advisories/19463
http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

05-09-2008 - 21:02

Objavljeno

06-04-2006 - 10:04