CVE-2008-1198

Sažetak

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

Reference

http://www.ernw.de/download/pskattack.pdf
https://bugzilla.redhat.com/show_bug.cgi?id=435274
http://www.securitytracker.com/id?1019563
https://exchange.xforce.ibmcloud.com/vulnerabilities/41053
http://secunia.com/advisories/48045

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

03-02-2022 - 19:56

Objavljeno

06-03-2008 - 21:44