Sun Solaris 9.0/10.0 in.iked IPsec IKEv1 Packet denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.7 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Sun Solaris 9.0/10.0. The impacted element is an unknown function of the component in.iked. Performing a manipulation as part of IPsec IKEv1 Packet results in denial of service. This vulnerability is cataloged as CVE-2005-3674. It is possible to initiate the attack remotely. There is no exploit available. To fix this issue, it is recommended to deploy a patch.
Details
A vulnerability classified as critical has been found in Sun Solaris 9.0/10.0 (Operating System). This affects some unknown functionality of the component in.iked. The manipulation as part of a IPsec IKEv1 Packet leads to a denial of service vulnerability. CWE is classifying the issue as CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. This is going to have an impact on availability. The summary by CVE is:
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
The weakness was shared 11/14/2005 with Oulu University Secure Programming Group (OUSPG) (Website). It is possible to read the advisory at sunsolve.sun.com. This vulnerability is uniquely identified as CVE-2005-3674 since 11/18/2005. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.
It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 20332 (Solaris 10 (sparc) : 118371-10), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Solaris Local Security Checks.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at sunsolve.sun.com.
The vulnerability is also documented in the databases at X-Force (23033), Tenable (20332), SecurityFocus (BID 15420†), OSVDB (60995†) and Secunia (SA17554†). Further details are available at ficora.fi. The entries VDB-1912, VDB-1900, VDB-1898 and VDB-1896 are related to this item. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
- end of life (old version)
Website
- Vendor: https://www.oracle.com/sun/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 6.7
VulDB Base Score: 7.5
VulDB Temp Score: 6.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 20332
Nessus Name: Solaris 10 (sparc) : 118371-10
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: sunsolve.sun.com
ISS Proventia IPS: 🔍
Timeline
11/14/2005 🔍11/14/2005 🔍
11/14/2005 🔍
11/15/2005 🔍
11/15/2005 🔍
11/16/2005 🔍
11/18/2005 🔍
11/18/2005 🔍
12/04/2005 🔍
12/20/2005 🔍
07/21/2024 🔍
Sources
Vendor: oracle.comAdvisory: sunsolve.sun.com⛔
Organization: Oulu University Secure Programming Group (OUSPG)
Status: Confirmed
CVE: CVE-2005-3674 (🔍)
GCVE (CVE): GCVE-0-2005-3674
GCVE (VulDB): GCVE-100-1899
CERT: 🔍
X-Force: 23033
SecurityFocus: 15420 - Sun Solaris LibIKE IKE Exchange Denial Of Service Vulnerability
Secunia: 17554 - Sun Solaris in.iked ISAKMP IKE Message Processing Denial of Service, Moderately Critical
OSVDB: 60995 - Solaris in.iked ISAKMP Protocol Unspecified Malformed Input Remote DoS (PROTOS)
SecurityTracker: 1015210
Vulnerability Center: 9810 - SUN Solaris \x26 Sparc IKE DoS via Crafted IKE Packets, Medium
Vupen: ADV-2005-2417
Misc.: 🔍
See also: 🔍
Entry
Created: 11/16/2005 12:02Updated: 07/21/2024 13:14
Changes: 11/16/2005 12:02 (79), 07/05/2019 12:27 (11), 07/21/2024 13:14 (17)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.