Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
IKE:SYMANTEC-ISAKMPD-DOS |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
IKE |
Keywords |
Symantec ISAKMPd Denial of Service |
Release Date |
2013/07/01 |
Update Number |
2277 |
Supported Platforms |
idp-5.0.110121210+, isg-3.4.139899+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
IKE: Symantec ISAKMPd Denial of Service
This signature detects attempts to exploit a known vulnerability against multiple Symantec products that use the ISAKMP daemon. A successful attack can result in a denial-of-service condition.
Extended Description
The Entrust LibKMP ISAKMP library is reported to be affected by a remote buffer overflow vulnerability. Malicious ISAKMP packets may trigger a buffer overrun in the affected library resulting in the corruption of process memory. It is reported that a remote attacker may exploit this condition to deny service to the Entrust library or to execute arbitrary code in the context of an implementation that uses the library. Although unconfirmed, it is conjectured that this vulnerability may be related to the vulnerability described in BID 10273, as Checkpoint VPN-1 may use the affected library.
Affected Products
- Entrust libkmp_isakmp_library
- Symantec enterprise_firewall 7.0.0 NT/2000
- Symantec enterprise_firewall 7.0.0 Solaris
- Symantec enterprise_firewall 7.0.4 NT/2000
- Symantec enterprise_firewall 7.0.4 Solaris
- Symantec gateway_security_360r
- Symantec gateway_security_5110 1.0.0
- Symantec gateway_security_5200 1.0.0
- Symantec gateway_security_5300
- Symantec gateway_security_5440
- Symantec velociraptor 1.5.0
References
- BugTraq: 11039
- CVE: CVE-2004-0369