IKE: Symantec ISAKMPd Denial of Service

This signature detects attempts to exploit a known vulnerability in multiple Symantec products that use the ISAKMP daemon. A successful attack can result in a denial-of-service condition.

Extended Description

The Entrust LibKMP ISAKMP library is reported to be affected by a remote buffer overflow vulnerability. Malicious ISAKMP packets may trigger a buffer overrun in the affected library, corrupting process memory. It is reported that a remote attacker may exploit this condition to deny service to the Entrust library or to execute arbitrary code in the context of an implementation that uses the library. Although unconfirmed, it is conjectured that this vulnerability may be related to the vulnerability described in BID 10273, as Check Point VPN-1 may use the affected library.

Affected Products

Symantec gateway_security_5440, Symantec enterprise_firewall

References

BugTraq: 11039

CVE: CVE-2004-0369

Short Name
IKE:SYMANTEC-ISAKMPD-DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
IKE
Keywords
CVE-2004-0369 Denial ISAKMPd Service Symantec bid:11039 of
Release Date
07/01/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Entrust

Symantec

CVSS Score

7.5
