Vulnerability-Lookup

CERTA-2005-AVI-456

Vulnerability from certfr_avis - Published: 2005-11-15 - Updated: 2005-11-15

Une vulnérabilité dans Sun Solaris permet à un utilisateur distant mal intentionné de provoquer un déni de service.

Description

Une erreur dans la mise en œuvre de la première phase du protocole d'échange de clefs IKEv1 (Internet Key Exchange version 1) sur les systèmes Solaris de Sun permet à un utilisateur distant mal intentionné de provoquer un déni de service par le biais d'un message IKE malicieusement construit.

Solution

Se référer au bulletin de sécurité Cisco pour appliquer le correctif approprié (cf. Documentation).

None

Impacted products

	Vendor	Product	Description
	Intel	N/A	Sun Solaris 10 sur plateformes SPARC et Intel x86.
	Intel	N/A	Sun Solaris 9 sur plateformes SPARC et Intel x86 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Sun du 14 novembre 2005	None	vendor-advisory
Bulletin de sécurité de l'éditeur :	-	other
Site de l'éditeur :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sun Solaris 10 sur plateformes SPARC et Intel x86.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Solaris 9 sur plateformes SPARC et Intel x86 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne erreur dans la mise en \u0153uvre de la premi\u00e8re phase du protocole\nd\u0027\u00e9change de clefs IKEv1 (Internet Key Exchange version 1) sur les\nsyst\u00e8mes Solaris de Sun permet \u00e0 un utilisateur distant mal intentionn\u00e9\nde provoquer un d\u00e9ni de service par le biais d\u0027un message IKE\nmalicieusement construit.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Cisco pour appliquer le correctif\nappropri\u00e9 (cf. Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-11-15T00:00:00",
  "last_revision_date": "2005-11-15T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur :",
      "url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102040-1"
    },
    {
      "title": "Site de l\u0027\u00e9diteur :",
      "url": "http://www.sun.com"
    }
  ],
  "reference": "CERTA-2005-AVI-456",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Sun Solaris permet \u00e0 un utilisateur distant mal\nintentionn\u00e9 de provoquer un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Sun Solaris",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 14 novembre 2005",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted