Solaris in.iked Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1018134
|
|
SecurityTracker URL: http://securitytracker.com/id?1018134
|
|
CVE Reference: CVE-2007-2989
(Links to External Site)
|
Updated: May 12 2008
|
Original Entry Date: May 29 2007
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Description: A vulnerability was reported in Solaris in.iked. A remote user can cause denial of service conditions.
A remote or local user can send specially crafted data to trigger a logical pointer-handling error in the ike_call_callbacks() function of the 'libike' library and crash the in.iked(1M) daemon.
|
Impact: A remote user can crash the in.iked(1M) daemon.
|
Solution: Sun has issued the following fixes.
SPARC Platform
* Solaris 9 with patch 113451-13 or later
x86 Platform
* Solaris
9 with patch 114435-12 or later
The Sun advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1 (Links to External Site)
|
Cause: State error
|
Underlying OS: UNIX (Solaris - SunOS)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 29 May 2007 15:14:43 -0400
Subject: A Security Vulnerability in the in.iked(1M) Service May Lead To a Denial of Service (DoS)
|
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1
|
|
