Symantec Dynamic VPN Services: ISAKMP Denial of Service
1081
06 March 2020
21 November 2005
CLOSED
MEDIUM
SUMMARY
The NISCC (National Infrastructure Security Co-ordination Centre), a UK-sponsored inter-departmental agency, has identified nearly five-thousand potential ISAKMP vulnerabilities. Tests for these vulnerabilities were created by the NISCC and distributed to an unspecified number of vendors, including Symantec.
While proactively testing our products against these vulnerabilities, Symantec uncovered a buffer overflow in two out of the five-thousand tests that can lead to a denial of service of the dynamic VPN services.
Severity
Medium
| Remote Access | Yes |
| Local Access | No |
| Authentication Required | No |
| Exploit publicly available | No |
AFFECTED PRODUCTS
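| Product | Model/Platform | Version | Solution |
| Symantec Enterprise Firewall | Windows | 8.0 | |
| Symantec Enterprise Firewall | Solaris | 8.0 | |
| Symantec Gateway Security | 5000 Series | 3.0 | |
| Symantec Gateway Security | 5400 | 2.0.1 | |
| Symantec Gateway Security | 5310 | 1.0 | |
| Symantec Gateway Security | 5200/5300 | 1.0 | |
| Symantec Gateway Security | 5100 | | |
| Symantec Firewall/VPN Appliance | 200/200R | All | |
| Symantec Firewall/VPN Appliance | 100 | All | |
| Symantec Gateway Security | 400 | 2.0 | |
| Symantec Gateway Security | 300 | 2.0 | |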
ADDITIONAL PRODUCT INFORMATION
Not Affected Product(s)
| Product | Model | Version |
| Symantec Clientless VPN Gateway | 4400 | 5.0 |
ISSUES
Details
Dynamic IPsec VPN tunnels require the use of ISAKMP (Internet Security Association and Key Management Protocol), a standard protocol that provides the framework for establishing, negotiating, modifying, and deleting security associations. The ISAKMP service listens on UDP port 500 on all the affected security gateways. Under certain conditions, a malformed ISAKMP packet can cause the ISAKMP service to crash, affecting the availability and stability of dynamic VPN tunnels.
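The advisory does not say which fields were malformed, so the following added example (not Symantec's code) shows only the general defensive pattern for a UDP 500 listener: validate the ISAKMP header and walk the payload chain per the RFC 2408 layout without trusting any length field. The function name, result codes, and sample packet are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ISAKMP_HDR_LEN 28u  /* fixed ISAKMP header size (RFC 2408, 3.1) */
#define GENERIC_PL_LEN 4u   /* generic payload header size (RFC 2408, 3.2) */

enum isakmp_check { ISAKMP_OK, ISAKMP_SHORT, ISAKMP_BAD_LENGTH, ISAKMP_BAD_PAYLOAD };

/* Constructed sample (not a captured packet): header plus one 8-byte payload. */
static const uint8_t sample[36] = {
    1, 2, 3, 4, 5, 6, 7, 8,  0, 0, 0, 0, 0, 0, 0, 0,  /* initiator/responder cookies */
    1, 0x10, 2, 0,             /* next payload, version 1.0, exchange type, flags */
    0, 0, 0, 0,  0, 0, 0, 36,  /* message ID, total length (big-endian) */
    0, 0, 0, 8,  0, 0, 0, 0    /* payload: next=none, reserved, length=8, body */
};

/* Read an n-byte big-endian integer (n <= 4). */
static uint32_t be(const uint8_t *p, int n) {
    uint32_t v = 0;
    while (n--) v = (v << 8) | *p++;
    return v;
}

/* Check one UDP datagram of `len` bytes. Every declared length is compared
 * against the bytes actually received before it is used as an offset. */
enum isakmp_check isakmp_validate(const uint8_t *pkt, size_t len) {
    if (len < ISAKMP_HDR_LEN) return ISAKMP_SHORT;
    uint32_t total = be(pkt + 24, 4);      /* header Length field */
    if (total < ISAKMP_HDR_LEN || total > len) return ISAKMP_BAD_LENGTH;
    if (pkt[19] & 0x01) return ISAKMP_OK;  /* encrypted: payloads are opaque here */
    uint8_t next = pkt[16];
    size_t off = ISAKMP_HDR_LEN;
    while (next != 0) {                    /* 0 = no further payload */
        if (total - off < GENERIC_PL_LEN) return ISAKMP_BAD_PAYLOAD;
        uint32_t plen = be(pkt + off + 2, 2);
        if (plen < GENERIC_PL_LEN || plen > total - off) return ISAKMP_BAD_PAYLOAD;
        next = pkt[off];
        off += plen;                       /* plen >= 4, so the walk always advances */
    }
    return off == total ? ISAKMP_OK : ISAKMP_BAD_LENGTH;
}

int main(void) {
    printf("sample -> %d\n", isakmp_validate(sample, sizeof sample));
    return 0;
}
```

A datagram that fails these checks should be dropped and counted before any payload-specific parsing runs; a rising reject count on UDP 500 is also a useful signal for monitoring.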
MITIGATION
Symantec Response
Symantec engineers created patches to correct this issue. The patches listed above are available via the Symantec Enterprise Support site:
http://www.symantec.com/techsupp/enterprise/select_product_updates.html
Symantec is not aware of any active attempts against or customers impacted by this issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.