SUMMARY

The NISCC (National Infrastructure Security Co-ordination Centre) a UK-sponsored inter-departmental agency has identified nearly five-thousand potential ISAKMP vulnerabilities. Test for these vulnerabilities were created by the NISCC and distributed to an unspecified number of vendors including Symantec.

While proactively testing our products against these vulnerabilities, Symantec uncovered a buffer overflow in two out of the five-thousand tests that can lead to a denial of service of the dynamic VPN services.

Severity
Medium

AFFECTED PRODUCTS

ADDITIONAL PRODUCT INFORMATION

Not Affected Product(s)

ISSUES

Details
Dynamic IPsec VPN tunnels require the use of ISAKMP (Internet Security Association and Key Management Protocol), a standard protocol that provides the framework for establishing, negotiating, modifying, and deleting security associations. The ISAKMP service listens on UDP port 500 on all the affected security gateways. Under certain conditions a malformed ISAKMP packet can potentially cause the ISAKMP service to crash therefore affecting the ability and stability of dynamic VPN tunnels.

MITIGATION

Symantec Response
Symantec engineers created patches to correct this issue. The patches listed above are available via the Symantec Enterprise Support site:

http://www.symantec.com/techsupp/enterprise/select_product_updates.html

Symantec is not aware of any active attempts against or customers impacted by this issue. M

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.