Signature Detail

IKE: Too Many Payloads

This protocol anomaly is an IKE packet that carries too many payloads. Cisco VPN clients are vulnerable to a remotely exploitable buffer overflow condition. Attackers can send an IKE packet with more than 57 valid payloads to overflow an internal buffer.

Extended Description

The Cisco VPN Client is prone to a remotely exploitable buffer overflow condition. It is possible to trigger this condition by sending malformed IKE packets to the client. The overflow is known to occur when the client attempts to process an IKE packet with more than 57 valid payloads. It may be possible to exploit this condition to execute arbitrary code with the privileges of the client. It is possible that exploitation of this vulnerability may affect availability of the client, resulting in a denial of service condition. This vulnerability affects versions of the client on all platforms.

Affected Products

• Cisco VPN Client for Linux 3.5.1
• Cisco VPN Client for Linux 3.5.2
• Cisco VPN Client for Mac OS X 3.5.1
• Cisco VPN Client for Mac OS X 3.5.2
• Cisco VPN Client for Solaris 3.5.1
• Cisco VPN Client for Solaris 3.5.2
• Cisco VPN Client for Windows 3.5.1
• Cisco VPN Client for Windows 3.5.2

References

• BugTraq: 5443
• CVE: CVE-2002-0852
• URL: http://www.kb.cert.org/vuls/id/287771
• URL: http://www.securityfocus.com/bid/5441
• URL: http://www.ietf.org/rfc/rfc2409.txt