Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
3
Replies

Vulnerability in PIX 506E

neilmborilla
Level 1
Level 1

‎03-11-2008 08:56 PM - edited ‎03-11-2019 05:15 AM

ISAKMP spi size buffer overflow

Internet Security Association and Key Management Protocol (ISAKMP) is a key exchange protocol signature. ISAKMP is vulnerable to a

buffer overflow. A remote attacker can send a specially-crafted ISAKMP payload to a vulnerable VPN client or server to overflow a buffer

and execute arbitrary code on the system, possibly with administrative privileges.

The supported operating systems in the Platforms Affected list are only vulnerable if they use the LibKmp ISAKMP library. Only VPN

or firewall products which implement the Entrust LibKmp ISAKMP library are vulnerable.

Remedy:

Apply the appropriate hotfix for this vulnerability, as listed in the Symantec Security Response SYM04-012 and available from the

Symantec FTP Update Web site. See References.

Can anyone help me resolved this? It is rated as high risk. Can't find remedy for this on the website.

Labels:
0 Helpful
3 Replies 3

brettmilborrow
Level 1
Level 1

‎03-12-2008 01:28 AM

.

0 Helpful

brettmilborrow
Level 1
Level 1

‎03-12-2008 01:30 AM

How do you know that the pix 506E is vulnerable?

The advisory states that devices affected are only those that run the 'Entrust LibKmp ISAKMP' library.

0 Helpful

neilmborilla
Level 1
Level 1
In response to brettmilborrow

‎03-12-2008 05:39 PM

Can you please explain further?

"... Only VPN

or firewall products which implement the Entrust LibKmp ISAKMP library are vulnerable."

Does it mean that PIX 506E does not support LibKmp ISAKMP library?

Please enlighten me

Thank you

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card