CVE-2005-3671
First published: Fri Nov 18 2005(Updated: )
The Internet Key Exchange version 1 (IKEv1) implementation in Openswan 2 (openswan-2) before 2.4.4, and freeswan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23, allow remote attackers to cause a denial of service via (1) a crafted packet using 3DES with an invalid key length, or (2) unspecified inputs when Aggressive Mode is enabled and the PSK is known, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Farmers Wife | =2.04 | |
| Xelerance Openswan | =2.1.1 | |
| Xelerance Openswan | =2.1.2 | |
| Xelerance Openswan | =2.1.4 | |
| Xelerance Openswan | =2.1.5 | |
| Xelerance Openswan | =2.1.6 | |
| Xelerance Openswan | =2.2 | |
| Xelerance Openswan | =2.3 | |
| Openswan | =2.4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/
- http://www.openswan.org/niscc2/
- http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en
- http://jvn.jp/niscc/NISCC-273756/index.html
- http://www.kb.cert.org/vuls/id/226364
- http://www.securityfocus.com/bid/15416
- http://securitytracker.com/id?1015214
- http://www.gentoo.org/security/en/glsa/glsa-200512-04.xml
- http://archives.neohapsis.com/archives/bugtraq/2005-12/0138.html
- http://archives.neohapsis.com/archives/bugtraq/2005-12/0161.html
- http://www.novell.com/linux/security/advisories/2005_70_ipsec.html
- http://secunia.com/advisories/18115
- http://secunia.com/advisories/17581
- http://secunia.com/advisories/17980
- http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00057.html
- http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00058.html
- http://secunia.com/advisories/17680
Frequently Asked Questions
What is the severity of CVE-2005-3671?
CVE-2005-3671 has a severity rating that indicates it can lead to denial of service attacks.
How do I fix CVE-2005-3671?
To fix CVE-2005-3671, upgrade Openswan or FreeSwan to versions 2.4.4 or later.
What software is affected by CVE-2005-3671?
CVE-2005-3671 affects specific versions of Openswan prior to 2.4.4 and FreeSwan in SUSE LINUX 9.1 before 2.04_1.5.4-1.23.
What type of attack does CVE-2005-3671 enable?
CVE-2005-3671 enables remote attackers to exploit a denial of service vulnerability.
What causes the vulnerability in CVE-2005-3671?
The vulnerability in CVE-2005-3671 is caused by the IKEv1 implementation accepting crafted packets with invalid key lengths.
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/frees wan
- canonical/farmers wife
- version/farmers wife/2.04
- vendor/openswan
- canonical/xelerance openswan
- version/xelerance openswan/2.1.1
- version/xelerance openswan/2.1.2
- version/xelerance openswan/2.1.4
- version/xelerance openswan/2.1.5
- version/xelerance openswan/2.1.6
- version/xelerance openswan/2.2
- version/xelerance openswan/2.3
- vendor/xelerance
- canonical/openswan
- version/openswan/2.4.0