The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.
References
Link | Resource |
---|---|
http://secunia.com/advisories/48045 | Broken Link |
http://www.ernw.de/download/pskattack.pdf | Exploit |
http://www.securitytracker.com/id?1019563 | Third Party Advisory VDB Entry |
https://bugzilla.redhat.com/show_bug.cgi?id=435274 | Issue Tracking |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41053 | VDB Entry |
Configurations
Configuration 1 (hide)
|
History
03 Feb 2022, 19:56
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:enterprise_linux:4.0:*:*:*:*:*:*:* | |
CWE | NVD-CWE-noinfo | |
References | (SECTRACK) http://www.securitytracker.com/id?1019563 - Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/41053 - VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/48045 - Broken Link | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=435274 - Issue Tracking |
Information
Published : 2008-03-06 21:44
Updated : 2024-02-04 17:13
NVD link : CVE-2008-1198
Mitre link : CVE-2008-1198
CVE.ORG link : CVE-2008-1198
JSON object : View
Products Affected
redhat
- enterprise_linux
CWE