Users login

Create an account »


Users login

Home » Hacking News » VPN bug loose

VPN bug loose

by Nikola Strahija on November 17th, 2005 Cisco, Juniper, Checkpoint and Secgo Software VPN products, along with many others are vulnerable to a denial of service attack, due to a bug that was discovered by researchers at Finland's University.

The flaw affects a component of Ipsec, which is used by VPN software and hardware to securely exchange data over the Internet. There is some risk of affected VPN systems being taken over by attackers, but a more likely threat is a DOS attack, in which machines would be forced to reset repeatedly, jamming up networks and causing all kind of trouble for users.

-This issue is very important to you if you are using an IPsec VPN, said security research centre The SANS institute. -While this is not as severe as remote code execution, it can still break a business if critical network links are impacted.’

The problem concerns a component of the IPsec protocol, called ISAKMP (Internet Security Association and Key Management Protocol), which is used to send authentication data within IPsec. By sending specially crafted ISAKMP packets, an attacker could launch a variety of attacks, the UK's National Infrastructure Security Co-ordination Centre said in a statement.

Researchers say that some operating systems are also affected, including Sun's Solaris. The bug does not affect IBM’s AIX operating system and Microsoft’s products, the two companies said.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »