Stonesoft Corp. Security Advisory
| Date: | Oct 3, 2003 |
| Title: | SSH IPSec Toolkit Security Bugs |
| Refs: |
The information contained in this advisory is provided on an as-is basis. Stonesoft does not make any warranties of any kind with respect to the information contained in this advisory. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES ARE HEREBY DISCLAIMED AND EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW.
IN NO EVENT WILL STONESOFT, CORP. BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES HOWEVER CAUSED ARISING OUT OF THE USE OF OR INABILITY TO USE THE INFORMATION CONTAINED IN THIS ADVISORY.
If any of the above provisions are held to be in violation of applicable law, void, or unenforceable in any jurisdiction, then such provisions are waived to the extent necessary for this disclaimer to be otherwise enforceable in such jurisdiction.
1. Overview
SSH IPSec Toolkit has vulnerabilities in ASN.1 library that allow remote attackers to make Denial-of-Service attacks with malformed BER packets. These vulnerabilities may also enable the execution of arbitrary code, though this is assumed to be difficult to exploit.
2. StoneGate
The vulnerable version of SSH IPSec Toolkit is included in the StoneGate engine. The default rulebase in StoneGate allows everyone to connect to the IKE service even with a malformed BER packet.
All StoneGate engines up to and including version 2.2.1 contain the vulnerable IPSec Toolkit. A new StoneGate engine version 2.2.2 for Intel and S390 platforms is available now for download from Stonesoft's web site at www.stonesoft.com. A new StoneGate engine version 2.0.11 for SPARC platform is planned to be available on October 8th, 2003.
The Stonesoft security advisory of September 19th, 2003 warned about a vulnerability in OpenSSH software. The new StoneGate engine versions 2.0.11 and 2.2.2 also fix this vulnerability.
The Stonesoft security advisory of September 30th, 2003 warned about multiple vulnerabilities in OpenSSL software. The new StoneGate engine versions 2.0.11 and 2.2.2 also fix these vulnerabilities.
Recommended Actions:
All StoneGate users are encouraged to upgrade their StoneGate engines to the appropiate new version.
3. StoneBeat
StoneBeat products do not contain SSH IPSec Toolkit.
4. Appendices
Stonesoft Security Analysis Group's PGP key is available at: ftp://download.stonesoft.com/web/Support/Stonesoft Security Alert.asc
To report or inquire about a security problem with Stonesoft software, contact one or more of the following:
- Stonesoft Support
- Stonesoft Security Analysis Group. Send email to: security-alert@stonesoft.com
Copyright 2003 Stonesoft, Corp. All rights reserved.
Stonesoft, StoneGate and StoneBeat are trademarks or registered trademarks of Stonesoft, Corp. in Finland and other countries. All other company and product names contained herein are property of their respective holders. This advisory may be reproduced and distributed only in its unaltered form and only for non-commercial purposes.