ID CVE-2007-2989
Summary The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
References
Vulnerable Configurations
  • cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
CVSS
Base: 7.8 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2007-07-10T21:08:50.458-04:00
class vulnerability
contributors
name Pai Peng
organization Opsware, Inc.
description The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
family unix
id oval:org.mitre.oval:def:1966
status accepted
submitted 2007-06-06T11:47:00.000-04:00
title A Security Vulnerability in the in.iked(1M) Service May Lead To a Denial of Service (DoS)
version 36
refmap via4
bid 24209
confirm http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm
osvdb 36584
sectrack 1018134
secunia
  • 25465
  • 25661
sunalert 102745
vupen
  • ADV-2007-1982
  • ADV-2007-2188
xf solaris-iniked-dos(34576)
Last major update 11-10-2017 - 01:32
Published 01-06-2007 - 10:30
Last modified 11-10-2017 - 01:32