---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Cisco IOS IKE XAUTH Implementation Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA14853 VERIFY ADVISORY: http://secunia.com/advisories/14853/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote OPERATING SYSTEM: Cisco IOS R12.x http://secunia.com/product/50/ Cisco IOS 12.x http://secunia.com/product/182/ DESCRIPTION: Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to bypass certain security restrictions. 1) An error in the processing of IKE (Internet Key Exchange) XAUTH messages can be be exploited via specially crafted packets to complete authentication and gain access to network resources. Successful exploitation requires knowledge of the shared group key to complete the IKE Phase 1 negotiation. 2) An error within the handling of ISAKMP profile attributes may cause the attributes to not be processed and result in a deadlock condition, which can be exploited to establish an unauthorised IPsec SA (Security Association). This vulnerability only affects ISAKMP profiles matched by certificate maps. The vulnerabilities affect network devices running the Cisco IOS 12.2T, 12.3, and 12.3T release trains and are configured for Cisco Easy VPN Server XAUTH version 6 authentication. SOLUTION: See patch matrix in the vendor advisory for information about fixes. http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml#software PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------