IKE: Malicious IKE Packets Delete IPsec SA or all SAs
This signature detects attempts to exploit a known vulnerability against IKE Daemon. A successful exploit can remove an IPsec SA or all SAs.
Extended Description
It has been reported that it may be possible for attackers to remotely delete security associations (SAs) in hosts running the KAME IKE daemon Racoon.
Affected Products
Sgi propack
Short Name
IKE:SA-DELETE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
IKE
Keywords
CVE-2004-0164 Delete IKE IPsec Malicious Packets SA SAs all bid:9417 or
Release Date
06/15/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Sgi
Sco
Kame
CVSS Score
5.0