Hole found in widely used VPN gear

A number of VPN products, including those from Cisco and Juniper, could be vulnerable to a denial of service attack, thanks to a newly discovered bug.

Virtual private network products from a variety of vendors, including Cisco Systems and Juniper Networks are vulnerable to a denial of service attack, thanks to a bug that was recently discovered by researchers at Finland's University of Oulu.

The flaw affects a component of the IPsec (Internet Protocol Security) protocol used by VPN (virtual private network) software and hardware to securely exchange data over the Internet. While there is some risk of affected VPN systems being taken over by attackers, a more likely threat is a DOS (denial of service) attack, in which machines would be forced to reset repeatedly, jamming up networks and causing headaches for users.

"This issue is ... very important to you if you are using an IPsec VPN," said security research center The SANS Institute in a statement posted to its Web site. "While this is not as severe as remote code execution, it can still break a business if critical network links are impacted."

The problem concerns a component of the IPsec protocol, called ISAKMP (Internet Security Association and Key Management Protocol), which is used to send authentication data within IPsec. By sending specially crafted ISAKMP packets, an attacker could launch a variety of attacks, the U.K.'s National Infrastructure Security Co-ordination Centre said in a statement. (http://www.uniras.gov.uk/niscc/docs/br-20051114-01013.html?lang=en)

This bug was first reported Monday, and by Tuesday a number of vendors had posted statements explaining how it affects their products on the U.K. security Web site. (http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en)

In addition to Cisco (http://www.cisco.com/en/US/products/products_security_advisory09186a0080572f55.shtml) and Juniper, the bug has been reported in products from Checkpoint, (https://secureknowledge.us.checkpoint.com/SecureKnowledge/login.do?OriginalAction=solution&id=sk31316) Stonesoft (http://www.stonesoft.com/support/Security_Advisories/7244.html) and Secgo Software. (http://www.secgo.com/newsletter/20051114/CIP517_description.txt)

Researchers say that some operating systems are also affected, including Sun Microsystems's Solaris (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102040-1). IBM's AIX operating system and Microsoft's products are not affected by the bug, the two companies said.

More about: Cisco, Cisco Systems, IBM, Juniper, Juniper Networks, Microsoft, SANS Institute, Stonesoft, StoneSoft, Sun Microsystems, The SANS Institute

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/171/gadwin-web-snapshot/

Gadwin Web Snapshot

Gadwin Web Snapshot will effectively capture the entire page including all design elements when capturing web pages. It makes an image of the browser’s content ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia