CVE Vulnerability

CVE-2008-1198

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

7.1 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://www.ernw.de/download/pskattack.pdf Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=435274 Issue Tracking
http://www.securitytracker.com/id?1019563 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/41053 VDB Entry
http://secunia.com/advisories/48045 Broken Link
Configurations

Configuration 1

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*
Information

Published : 2008-03-06 09:44

Updated : 2022-02-03 07:56

NVD link : CVE-2008-1198

Mitre link : CVE-2008-1198

Products Affected
No products.
CWE
NVD-CWE-noinfo