Critical IPSec Vulnerability Exposes VPNs
A number of vendors are reporting that their products are exposed to denial of service attacks following the disclosure of a weakness in a key IPSec protocol.
According to an advisory (PDF, 64kb) posted by the Oulu University Secure Programming Group (OUSPG) at the University of Oulu in Finland, the Internet Security Association and Key Management Protocol (ISAKMP) contains flaws that could lead to denial of service attacks, format string vulnerabilities and buffer overflows, the latter of which could allow attackers to execute arbitrary code on vulnerable systems.
ISAKMP, the framework that IPSec's Internet Key Exchange (IKE) uses to negotiate security associations, is an important part of IPSec, which is used in many VPN products as well as assorted firewalls and other security services. According to OUSPG, a number of vendors have sent the organization information about how the vulnerability affects their products, including Cisco and Juniper, both of which reported vulnerabilities in their products.
An advisory from Cisco noted vulnerabilities in versions of its IOS, PIX firewalls, VPN 3000 Series Concentrators and MDS Series SanOS.
Juniper said in an advisory that it was aware of the vulnerability and had fixed it in JUNOS software for its M-, T- and J-series routers built on or after July 28, 2005.
OUSPG said that administrators whose vendors have not yet released a patch can reduce their exposure by restricting IKE access to trusted IP addresses only, and by avoiding "aggressive mode" during negotiation. Filtering by source address is practical for site-to-site tunnels with fixed peers; it offers little protection for remote-access gateways that must accept connections from arbitrary client addresses.
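The two interim measures above can be checked mechanically on the wire. The following is an added example, not code from OUSPG, Cisco or Juniper: it parses the fixed 28-byte ISAKMP header (RFC 2408, section 3.1), drops messages from peers outside an allow-list, drops aggressive-mode exchanges (exchange type 4), and rejects messages whose length field disagrees with the bytes actually received, which is the kind of malformed input a fuzzing suite produces. The trusted peer ranges and the sample messages are constructed for illustration, and the code assumes the caller has already demultiplexed the UDP port 500 datagram and passes only its payload.

```python
import struct
from ipaddress import ip_address, ip_network

# Fixed ISAKMP header (RFC 2408 section 3.1): initiator cookie (8), responder
# cookie (8), next payload (1), version (1), exchange type (1), flags (1),
# message ID (4), total message length (4) = 28 bytes, network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

EXCHANGE_NAMES = {
    0: "None",
    1: "Base",
    2: "Identity Protection (main mode)",
    3: "Authentication Only",
    4: "Aggressive",
    5: "Informational",
}
EXCH_AGGRESSIVE = 4

# Constructed allow-list of IKE peers (documentation ranges, not real sites).
TRUSTED_PEERS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32")]


def parse_isakmp_header(payload: bytes) -> dict:
    """Decode the fixed ISAKMP header; raise ValueError if it is truncated."""
    if len(payload) < ISAKMP_HDR.size:
        raise ValueError("truncated ISAKMP header")
    (i_cookie, r_cookie, next_payload, version,
     exch, flags, msg_id, length) = ISAKMP_HDR.unpack_from(payload)
    return {
        "initiator_cookie": i_cookie.hex(),
        "responder_cookie": r_cookie.hex(),
        "next_payload": next_payload,
        "major": version >> 4,       # high nibble = major version
        "minor": version & 0x0F,     # low nibble = minor version
        "exchange_type": exch,
        "flags": flags,
        "message_id": msg_id,
        "length": length,
    }


def evaluate(src_ip: str, payload: bytes) -> tuple:
    """Apply the interim policy to one IKE datagram; return (verdict, reason)."""
    src = ip_address(src_ip)
    # 1. Source-address restriction: only allow-listed peers may talk IKE.
    if not any(src in net for net in TRUSTED_PEERS):
        return "drop", f"untrusted source {src}"
    try:
        hdr = parse_isakmp_header(payload)
    except ValueError as err:
        return "drop", str(err)
    # 2. Only ISAKMP version 1.x is expected here.
    if hdr["major"] != 1:
        return "drop", f"unexpected ISAKMP major version {hdr['major']}"
    # 3. The length field must match what was actually received; a mismatch
    #    is a malformed message and must not reach the parser proper.
    if hdr["length"] != len(payload):
        return "drop", (f"length field {hdr['length']} "
                        f"!= received {len(payload)} bytes")
    # 4. Refuse aggressive mode, as OUSPG recommends.
    if hdr["exchange_type"] == EXCH_AGGRESSIVE:
        return "drop", "aggressive mode exchange refused"
    name = EXCHANGE_NAMES.get(hdr["exchange_type"], "unknown")
    return "accept", f"exchange type {hdr['exchange_type']} ({name})"


def build_isakmp(exchange_type: int, body: bytes = b"",
                 length: int = None) -> bytes:
    """Construct a sample ISAKMP message (test input, not real traffic)."""
    total = ISAKMP_HDR.size + len(body) if length is None else length
    hdr = ISAKMP_HDR.pack(b"\x01" * 8,   # initiator cookie
                          b"\x00" * 8,   # responder cookie (not yet set)
                          1,             # next payload: Security Association
                          0x10,          # version 1.0
                          exchange_type,
                          0,             # flags
                          0,             # message ID (phase 1)
                          total)
    return hdr + body


if __name__ == "__main__":
    samples = [
        ("203.0.113.5", build_isakmp(2)),                 # main mode, trusted
        ("203.0.113.5", build_isakmp(EXCH_AGGRESSIVE)),   # aggressive, trusted
        ("192.0.2.9", build_isakmp(2)),                   # main mode, untrusted
        ("198.51.100.7", build_isakmp(2, length=65535)),  # lying length field
    ]
    for src, pkt in samples:
        print(src, *evaluate(src, pkt))
```

Only the first sample is accepted; the other three are dropped for aggressive mode, untrusted source and length mismatch respectively. The same header decode can be pointed at a packet capture to audit whether any existing peers still negotiate in aggressive mode before the setting is disabled on the gateway.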