Vulnerability CVE-2004-0369


Published: 2004-12-31   Modified: 2012-02-12

Description:
Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.

Vendor: Symantec
Product: Enterprise firewall 
Version:
8.0
7.0.4
7.0
Product: Gateway security 5400 
Version: 2.0;
Product: Velociraptor 
Version: 1.5;
Product: Gateway security 5300 
Version: 1.0;
Vendor: Entrust
Product: Entrust libkmp isakmp library 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://xforce.iss.net/xforce/xfdb/15669
http://xforce.iss.net/xforce/alerts/id/181
http://www.securityfocus.com/bid/11039
http://www.ciac.org/ciac/bulletins/o-206.shtml
http://www.auscert.org.au/render.html?it=4339
http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html

Related CVE
CVE-2007-4594
Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unkn...
CVE-2002-0712
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
CVE-2001-1024
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.
CVE-2001-0853
Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.

Copyright 2019, cxsecurity.com

 

Back to Top