ID |
CVE-2008-1198
|
Summary |
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.1 (as of 03-02-2022 - 19:56) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-noinfo |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:N/A:N
|
redhat
via4
|
advisories | bugzilla | id | 679998 | title | [REG][5.6] rm command reports an error message during system booting. |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
comment | initscripts is earlier than 0:8.45.42-1.el5 | oval | oval:com.redhat.rhsa:tst:20120312001 |
comment | initscripts is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20120312002 |
|
|
| rhsa | id | RHSA-2012:0312 | released | 2012-02-21 | severity | Low | title | RHSA-2012:0312: initscripts security and bug fix update (Low) |
|
| rpms | - initscripts-0:8.45.42-1.el5
- initscripts-debuginfo-0:8.45.42-1.el5
|
|
refmap
via4
|
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2008-03-07 | organization | Red Hat | statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1198
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
|
Last major update |
03-02-2022 - 19:56 |
Published |
06-03-2008 - 21:44 |
Last modified |
03-02-2022 - 19:56 |