OUSPG
PROTOS Test-Suite: c09-isakmp
The Internet Security Association and Key Management Protocol
(ISAKMP) is designed to establish, negotiate, modify and delete
Security Associations. ISAKMP provides a consistent framework for
transferring key and authentication data that is independent of the
key generation technique, encryption algorithm and authentication
mechanism. The Internet Key Exchange (IKE), which is derived from
ISAKMP, is a key protocol in the Internet Security Architecture (IPsec).
A subset of IKE Phase 1 negotiation was chosen as the subject
protocol for vulnerability assessment through syntax testing and
test-suite creation.
A survey of the related standards was made. Test-material was prepared
and tests were carried out against a sample set of existing
implementations. Results were gathered and reported.
Some of the implementations available for evaluation failed to perform
in a robust manner under the test. Some failures had information
security implications, and should be considered as vulnerabilities.
Therefore, this robustness test-material should be adopted for
evaluation and development of ISAKMP/IKE products.
This test-suite is a byproduct of the "PROTOS - Security Testing of
Protocol Implementations" project. [1]
This test-suite covers a limited set of information security and
robustness related implementation errors within the chosen focus area.
Important: Background, goals, limitations, terminology and licensing
for this test-suite release are explained in the "Test-suite releases
in Theory and Practice" document. This test-suite covers a limited set
of information security and robustness related implementation errors
for a subset of the chosen protocol.
The purpose of this test-suite is to evaluate the implementation-level
security and robustness of Internet Security Association and Key
Management Protocol (ISAKMP) implementations. The initial scope of the
test-suite was set to the IPsec DOI (Internet IP Security Domain of
Interpretation) version of ISAKMP, namely IKE (Internet Key
Exchange). The factors behind choosing IKE included:
- IKE is an important part of IPsec, which is used in critical
infrastructure. Where IKE is in use, its traffic (UDP/500) is usually
not filtered before it reaches the IKE implementation, so the parser
is directly exposed to the network.
- There are plenty of implementations by several vendors available for
testing. IKE has a history of interoperability problems.
- There are no free, publicly available robustness test suites to
evaluate IKE implementations.
The scope was further narrowed to IKE phase 1 with pre-shared secret
authentication. The rationale behind this selection was:
- IKE phase 1 does not require any special preconditions, as phase 2
does (phase 2 needs an established phase 1 SA). Additionally, phase 1
aggressive mode allows sending several payloads in the first packet.
- IKE phase 1 authentication with a pre-shared secret is required of
all ISAKMP/IKE implementations.
Potential IKE vulnerabilities within the above scope can be roughly
categorised by whether a valid IKE identity and the shared secret are
needed to trigger them:
- A. The vulnerability requires neither a valid identity nor a shared
secret (greatest impact).
- B. The vulnerability requires a valid identity but not the shared
secret.
- C. The vulnerability requires both a valid identity and the
corresponding shared secret (smallest impact).
The peer source IP address may also affect the results depending on
the setup. For example, a different security policy may be selected in
the target implementation depending on whether the source IP is
configured as an IPsec endpoint or not. Some policies accept
aggressive mode exchanges and some do not.
The category C was chosen as the initial test-strategy. If possible,
the test-suite and test-subject were configured as IKE peers. If a
failure was discovered, it was verified within the other categories as
well.
The available standards were studied and analysed. The relevant
specifications are listed below.
- RFC 2407 - The Internet IP Security Domain of Interpretation for
ISAKMP [2]
- RFC 2408 - Internet Security Association and Key Management Protocol
(ISAKMP) [3]
- RFC 2409 - The Internet Key Exchange (IKE) [4]
- RFC 2412 - The OAKLEY Key Determination Protocol [5]
A survey of available implementations is conducted. This should
include a diverse selection of implementations in order to gain a
better insight into the applications implementing the protocol, and to
give a hint on the impact of potential vulnerabilities. A subset of
the implementations is chosen to be tested during the test-suite
creation and prerelease phases. Typically, not all implementations are
available for testing.
Additional lists of vendors, specific implementations and related
information may be found from the following resources:
- VPN Vendor and Service Provider Links [6]
- VPN Products and Services [7]
A subset of the implementations was chosen as a sample set to be
tested during the test-suite creation and pre-release phases. Most
likely reasons for omission of a specific product from the sample set
include:
- no evaluation copy of the product was available
- or a restrictive licence prohibited evaluation
- or we were not aware of the product
In the injection vector survey, the different methods of delivering
the test cases to the implementations under test are identified and
analysed. Often there are several injection methods, and one
test-suite cannot cover them all, or might miss vectors that are not
available in all implementations.
Injection vector survey

Application protocol | Transport protocol | Packet
IKE | UDP (port 500) | All IKE packets
IKE | TCP (port 500) | All IKE packets
ISAKMP consists of two phases. In phase 1 the two parties
negotiate a security association (SA) to agree on how to protect the
traffic in the next phase. In phase 2 keying material is
derived and policy to share it is negotiated. In this way security
associations for other security protocols are
established. [3].
There are two ways to establish a phase 1 SA: main mode and
aggressive mode. Both generate authenticated keying material from an
ephemeral Diffie-Hellman exchange. Main mode, as illustrated in
figure 1, is required in every implementation, whereas aggressive
mode (figure 2) is optional. In main mode the identities of the
parties are always protected, but in aggressive mode only when public
key encryption is used for authentication. [4]
Here are the abbreviations used in figures 1 and 2:
- i = initiator
- r = responder
- hdr = ISAKMP Header
- hdrc = ISAKMP Header followed by encrypted payloads
- sa = security association payload
- ke = key exchange payload
- nonce = nonce payload
- id = identification payload
- hash = hash payload
Figure 1: Sequence diagram of main mode (rendered in text)
i -> r: hdr, sa
r -> i: hdr, sa
i -> r: hdr, ke, nonce
r -> i: hdr, ke, nonce
i -> r: hdrc, id, hash
r -> i: hdrc, id, hash
In the first message of main mode the initiator offers one or more
proposals for protecting the negotiation. The message carries a
security association payload which encapsulates proposal and
transform payloads. The responder chooses one of the proposals and
returns it in the second message. In the next two messages the
Diffie-Hellman public values (key exchange) and random data (nonce)
are exchanged, from which the common shared secret is derived. Then
the initiator and responder authenticate the Diffie-Hellman exchange:
they exchange identification information (id) and the results of the
agreed authentication function (hash) in the fifth and sixth
messages. These messages are encrypted with the methods agreed in the
previous messages. [3] [4]
Figure 2: Sequence diagram of aggressive mode (rendered in text)
i -> r: hdr, sa, ke, nonce, id
r -> i: hdr, sa, ke, nonce, id, hash
i -> r: hdrc, hash
In aggressive mode the first two messages negotiate policy, exchange
Diffie-Hellman public values and the ancillary data necessary for the
exchange, and exchange identities. The second message also
authenticates the responder, and the third message authenticates the
initiator and provides proof of participation in the exchange. [3] [4]
Once phase 1 is completed, the phase 2 exchange is carried out in
quick mode. Several phase 2 negotiations can be run on the basis of
one phase 1 SA. [4]
Protocol data unit specifications are used as a basis for generating
the test-cases. Starting point for the design of the test-suite is to
acquire or create a machine-readable representation of the protocol
specification. The test-tool in use utilises a custom dialect of BNF
(Backus-Naur Form). BNF is capable of describing the
context-free syntax of a specification, but is often insufficient
for automated test-case generation. The specification is completed by
rules which maintain semantic validity and provide
communication channels necessary to simulate the protocol.
The following default values were used in the test-material:
- ISAKMP Security Association attributes:
- Encryption algorithm: 3DES-CBC
- Hash algorithm: HMAC-SHA-1
- Authentication method: Pre-shared key
- Group description: 1024 bit MODP (Oakley 2)
- Identification type:
An exceptional element is a piece of data designed to
provoke undesired behaviour of the test subject. A single test-case
contains one or few exceptional elements. An exceptional element can
violate the protocol specification, but often it is legal or in the
hazy region between legal and illegal constructs. In a nutshell, an
exceptional element is an input that might not have been considered
properly when implementing the software.
The following table lists the categories of the exceptional elements
designed for the test-material:

Exceptional Element Categories

Name | Description
ee-empty | Omitted element
ee-4bit | Some 4-bit combinations
ee-8bit | Some 8-bit combinations
ee-16bit | Some 16-bit combinations
ee-32bit | Some 32-bit combinations
ee-overflow | Overflows of 0x61
ee-zero | Overflows of 0x00
ee-fmtstring | Format strings (e.g. %s%s%s or %.4097d)
ee-string | Exceptional strings including overflows and format strings
ee-repeat | Repeated element
ee-ipv4-addr | Some IPv4 addresses
ee-ipv4-netmask | Some IPv4 netmasks
ee-ipv6-addr | Some IPv6 addresses
ee-ipv6-netmask | Some IPv6 netmasks
ee-fqdn | Exceptional fully-qualified domain name strings
ee-user-fqdn | Exceptional fully-qualified username strings
ee-notify-msg-type | Selected notify message types
The test-material consists of test-cases simulating hostile input to
the implementation under test. A test-case contains one or more
exceptional elements, other elements being in their default
state. Cases are arranged into test-groups, each covering a certain
part of PDUs or containing similar anomalies. Details for the test
messages are presented in the table below.
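The following added example ties together the main mode message layout
described earlier (hdr followed by an sa payload that nests proposal
and transform payloads, carrying the default attribute set) and the
way test-cases are built from exceptional elements (one anomalous
field per case, everything else at its default). It is not code from
the PROTOS tool or from this test-suite; it is a small Python builder,
bounds-checked parser and mutation generator written for this page.
The exceptional-element value sets, the cookie values and the group
names are constructed for the example and only loosely follow the
tables above; the constant values come from RFC 2407, 2408 and 2409.

```python
"""Added example (not PROTOS code): build, parse and mutate IKEv1 main-mode message 1 (hdr, sa)."""
import struct
NP_NONE, NP_SA, NP_P, NP_T = 0, 1, 2, 3                 # payload types, RFC 2408
EXCH_MAIN, DOI_IPSEC, SIT_IDENTITY_ONLY, PROTO_ISAKMP, KEY_IKE = 2, 1, 1, 1, 1
ATTR_ENC, ATTR_HASH, ATTR_AUTH, ATTR_GROUP = 1, 2, 3, 4  # attribute classes, RFC 2409
ENC_3DES_CBC, HASH_SHA, AUTH_PSK, GROUP_MODP1024 = 5, 2, 1, 2
HDR_FMT, HDR_LEN = "!8s8sBBBBII", 28  # cookies, next payload, version, exchange, flags, msg id, length

def tv_attr(atype, value):
    return struct.pack("!HH", 0x8000 | atype, value)     # basic (TV) attribute: AF bit set, 16-bit value

# The test-material defaults: 3DES-CBC, HMAC-SHA-1, pre-shared key, 1024-bit MODP (Oakley group 2)
DEFAULT_ATTRS = (tv_attr(ATTR_ENC, ENC_3DES_CBC) + tv_attr(ATTR_HASH, HASH_SHA)
                 + tv_attr(ATTR_AUTH, AUTH_PSK) + tv_attr(ATTR_GROUP, GROUP_MODP1024))

def generic_payload(next_payload, body):
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body  # generic header: np, RESERVED, length

def main_mode_msg1(attrs=DEFAULT_ATTRS):
    """hdr + sa(proposal(transform(attrs))); every length field is computed from the content."""
    transform = generic_payload(NP_NONE, struct.pack("!BBH", 1, KEY_IKE, 0) + attrs)
    proposal = generic_payload(NP_NONE, struct.pack("!BBBB", 1, PROTO_ISAKMP, 0, 1) + transform)
    sa = generic_payload(NP_NONE, struct.pack("!II", DOI_IPSEC, SIT_IDENTITY_ONLY) + proposal)
    icookie, rcookie = b"\x01" * 8, b"\x00" * 8          # constructed initiator cookie; responder's is zero
    return struct.pack(HDR_FMT, icookie, rcookie, NP_SA, 0x10, EXCH_MAIN, 0, 0, HDR_LEN + len(sa)) + sa

class Malformed(ValueError): pass                        # raised instead of trusting a peer-supplied field

def parse_payloads(data, first):
    """Walk a next-payload chain; each payload length is checked against the buffer."""
    off, np, out = 0, first, []
    while np != NP_NONE:
        if not 1 <= np <= 13:                            # only RFC 2408 assigned payload types
            raise Malformed(f"unknown payload type {np}")
        if off + 4 > len(data):
            raise Malformed("truncated payload header")
        nxt, _, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):           # <4 never advances; too long over-reads
            raise Malformed(f"bad payload length {plen}")
        out.append((np, data[off + 4:off + plen]))
        off, np = off + plen, nxt
    if off != len(data):
        raise Malformed("trailing bytes after last payload")
    return out

def parse_attributes(data):
    """TV/TLV attribute list; a TLV length is checked before its value is sliced."""
    off, out = 0, []
    while off < len(data):
        if off + 4 > len(data):
            raise Malformed("truncated attribute")
        atype, val = struct.unpack("!HH", data[off:off + 4])
        if atype & 0x8000:                               # TV form: val is the value itself
            out.append((atype & 0x7fff, val)); off += 4
        else:                                            # TLV form: val is the length of what follows
            if off + 4 + val > len(data):
                raise Malformed("attribute length exceeds payload")
            out.append((atype & 0x7fff, data[off + 4:off + 4 + val])); off += 4 + val
    return out

def single(payloads, minlen, ptype=None):
    # exactly one payload, at least minlen bytes, of type ptype when given; otherwise Malformed
    if len(payloads) != 1 or len(payloads[0][1]) < minlen or ptype not in (None, payloads[0][0]):
        raise Malformed("unexpected payload structure")
    return payloads[0][1]

def parse_msg1(msg):
    """Parse hdr, sa, proposal and transform; returns the transform's attribute list."""
    if len(msg) < HDR_LEN:
        raise Malformed("short header")
    _, _, np, ver, exch, _, _, length = struct.unpack(HDR_FMT, msg[:HDR_LEN])
    if ver >> 4 != 1 or exch != EXCH_MAIN or length != len(msg):
        raise Malformed("header version, exchange type or length")
    sa = single(parse_payloads(msg[HDR_LEN:], np), 8, NP_SA)
    prop = single(parse_payloads(sa[8:], NP_P), 4)                # skip DOI and situation
    trans = single(parse_payloads(prop[4 + prop[2]:], NP_T), 4)   # prop[2] is the SPI size
    return parse_attributes(trans[4:])

# Constructed subsets of the suite's exceptional-element categories
EE_8BIT = (0x00, 0x02, 0x0d, 0x0e, 0x7f, 0x80, 0xff)
EE_16BIT = (0x0000, 0x0001, 0x0003, 0x0004, 0x7fff, 0x8000, 0xffff)
EE_32BIT = (0x00000000, 0x0000001c, 0x7fffffff, 0x80000000, 0xffffffff)
EE_OVERFLOW = tuple(b"\x61" * n for n in (16, 256, 4096))        # "overflows of 0x61"
EE_FMTSTRING = (b"%s%s%s%s", b"%n%n%n%n", b"%.4097d")
def test_cases():
    """Yield (group, pdu): one exceptional element per case, every other field at its default."""
    base = main_mode_msg1()
    for v in EE_8BIT:                                    # byte 16: ISAKMP header next-payload
        yield "isakmp-header-next-payload", base[:16] + bytes([v]) + base[17:]
    for v in EE_32BIT:                                   # bytes 24..27: ISAKMP header length
        yield "isakmp-header-length", base[:24] + struct.pack("!I", v) + base[28:]
    for v in EE_16BIT:                                   # bytes 30..31: SA payload length
        yield "sec-association-payload-length", base[:30] + struct.pack("!H", v) + base[32:]
    for blob in EE_OVERFLOW + EE_FMTSTRING:              # enclosing lengths re-computed around the blob
        yield "transform-payload-sa-attributes", main_mode_msg1(attrs=blob)

def run_suite():
    # feed every case to the parser; returns {group: (rejected, total)}
    tally = {}
    for group, pdu in test_cases():
        rejected, total = tally.get(group, (0, 0))
        try:
            parse_msg1(pdu)
        except Malformed:
            rejected += 1
        tally[group] = (rejected, total + 1)
    return tally
```

The valid message is 72 bytes and parses to the four default
attributes; every mutated case is rejected by an explicit check rather
than by luck. The checks are the ones an ISAKMP parser needs against
exactly the fields this suite targets: a payload length below 4 that
would otherwise never advance the cursor, a length that points past
the datagram, a header length that disagrees with the received size,
a next-payload value outside the assigned range, and a TLV attribute
whose length field exceeds its payload, which is how the 0x61
overflows and format strings present themselves to a structural
parser before any string handling is reached.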
Test-groups

Name | Exceptional Elements | Test cases | First index | Last index
valid-main-mode | - | 1 | 0 | 0
valid-aggr-mode | - | 1 | 1 | 1
main-hdr-sa-i-isakmp-header | ee-empty, ee-overflow | 11 | 2 | 12
main-hdr-sa-i-isakmp-header-next-payload | ee-empty, ee-8bit | 10 | 13 | 22
main-hdr-sa-i-isakmp-header-mjver | ee-4bit | 4 | 23 | 26
main-hdr-sa-i-isakmp-header-mnver | ee-4bit | 6 | 27 | 32
main-hdr-sa-i-isakmp-header-exchange-type | ee-empty, ee-8bit | 10 | 33 | 42
main-hdr-sa-i-isakmp-header-flags | ee-empty, ee-8bit | 13 | 43 | 55
main-hdr-sa-i-isakmp-header-message-id | ee-empty, ee-32bit | 20 | 56 | 75
main-hdr-sa-i-isakmp-header-length | ee-empty, ee-32bit | 20 | 76 | 95
main-hdr-sa-i-sec-association-payload | ee-empty, ee-overflow | 11 | 96 | 106
main-hdr-sa-i-sec-association-payload-next-payload | ee-empty, ee-8bit | 10 | 107 | 116
main-hdr-sa-i-sec-association-payload-reserved | ee-empty, ee-8bit | 10 | 117 | 126
main-hdr-sa-i-sec-association-payload-length | ee-empty, ee-16bit | 11 | 127 | 137
main-hdr-sa-i-sec-association-payload-doi | ee-empty, ee-32bit | 20 | 138 | 157
main-hdr-sa-i-sec-association-payload-situation | ee-empty, ee-32bit | 20 | 158 | 177
main-hdr-sa-i-sec-association-payload-labeled-domain-identifier | ee-empty, ee-32bit | 20 | 178 | 197
main-hdr-sa-i-sec-association-payload-secrecy | ee-empty, ee-overflow | 11 | 198 | 208
main-hdr-sa-i-sec-association-payload-secrecy-length | ee-empty, ee-16bit | 12 | 209 | 220
main-hdr-sa-i-sec-association-payload-secrecy-level | ee-empty, ee-overflow, ee-fmtstring | 23 | 221 | 243
main-hdr-sa-i-sec-association-payload-secrecy-category-length | ee-empty, ee-16bit | 12 | 244 | 255
main-hdr-sa-i-sec-association-payload-secrecy-category-bitmap | ee-empty, ee-overflow, ee-fmtstring | 23 | 256 | 278
main-hdr-sa-i-sec-association-payload-integrity | ee-empty, ee-overflow | 11 | 279 | 289
main-hdr-sa-i-sec-association-payload-integrity-length | ee-empty, ee-16bit | 12 | 290 | 301
main-hdr-sa-i-sec-association-payload-integrity-level | ee-empty, ee-overflow, ee-fmtstring | 23 | 302 | 324
main-hdr-sa-i-sec-association-payload-integrity-category-length | ee-empty, ee-16bit | 12 | 325 | 336
main-hdr-sa-i-sec-association-payload-integrity-category-bitmap | ee-empty, ee-overflow, ee-fmtstring | 23 | 337 | 359
main-hdr-sa-i-proposal-payload | ee-empty, ee-overflow | 11 | 360 | 370
main-hdr-sa-i-proposal-payload-next-payload | ee-empty, ee-8bit | 10 | 371 | 380
main-hdr-sa-i-proposal-payload-reserved | ee-empty, ee-8bit | 10 | 381 | 390
main-hdr-sa-i-proposal-payload-length | ee-empty, ee-16bit | 11 | 391 | 401
main-hdr-sa-i-proposal-payload-proposal-number | ee-empty, ee-8bit | 10 | 402 | 411
main-hdr-sa-i-proposal-payload-protocol-id | ee-empty, ee-8bit | 10 | 412 | 421
main-hdr-sa-i-proposal-payload-spi-size | ee-empty, ee-8bit | 10 | 422 | 431
main-hdr-sa-i-proposal-payload-number-of-transforms | ee-empty, ee-8bit | 10 | 432 | 441
main-hdr-sa-i-proposal-payload-spi | ee-empty, ee-overflow | 11 | 442 | 452
main-hdr-sa-i-transform-payload | ee-empty, ee-overflow | 11 | 453 | 463
main-hdr-sa-i-transform-payload-repeat | ee-repeat | 8 | 464 | 471
main-hdr-sa-i-transform-payload-next-payload | ee-empty, ee-8bit | 10 | 472 | 481
main-hdr-sa-i-transform-payload-reserved | ee-empty, ee-8bit | 10 | 482 | 491
main-hdr-sa-i-transform-payload-length | ee-empty, ee-16bit | 11 | 492 | 502
main-hdr-sa-i-transform-payload-transform-number | ee-empty, ee-8bit | 10 | 503 | 512
main-hdr-sa-i-transform-payload-transform-id | ee-empty, ee-8bit | 10 | 513 | 522
main-hdr-sa-i-transform-payload-reserved2 | ee-empty, ee-16bit | 12 | 523 | 534
main-hdr-sa-i-transform-payload-sa-attributes | ee-empty, ee-32bit, ee-overflow, ee-fmtstring, ee-repeat | 48 | 535 | 582
main-hdr-sa-i-transform-payload-SA-Encryption-Algorithm-type | ee-empty, ee-16bit | 12 | 583 | 594
main-hdr-sa-i-transform-payload-SA-Encryption-Algorithm-tlv-length | ee-empty, ee-16bit | 12 | 595 | 606
main-hdr-sa-i-transform-payload-SA-Encryption-Algorithm-tv-value | ee-empty, ee-16bit | 12 | 607 | 618
main-hdr-sa-i-transform-payload-SA-Encryption-Algorithm-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 619 | 641
main-hdr-sa-i-transform-payload-SA-Hash-Algorithm-type | ee-empty, ee-16bit | 12 | 642 | 653
main-hdr-sa-i-transform-payload-SA-Hash-Algorithm-tlv-length | ee-empty, ee-16bit | 12 | 654 | 665
main-hdr-sa-i-transform-payload-SA-Hash-Algorithm-tv-value | ee-empty, ee-16bit | 12 | 666 | 677
main-hdr-sa-i-transform-payload-SA-Hash-Algorithm-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 678 | 700
main-hdr-sa-i-transform-payload-SA-Authentication-Method-type | ee-empty, ee-16bit | 12 | 701 | 712
main-hdr-sa-i-transform-payload-SA-Authentication-Method-tlv-length | ee-empty, ee-16bit | 12 | 713 | 724
main-hdr-sa-i-transform-payload-SA-Authentication-Method-tv-value | ee-empty, ee-16bit | 12 | 725 | 736
main-hdr-sa-i-transform-payload-SA-Authentication-Method-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 737 | 759
main-hdr-sa-i-transform-payload-SA-Group-Description-type | ee-empty, ee-16bit | 12 | 760 | 771
main-hdr-sa-i-transform-payload-SA-Group-Description-tlv-length | ee-empty, ee-16bit | 12 | 772 | 783
main-hdr-sa-i-transform-payload-SA-Group-Description-tv-value | ee-empty, ee-16bit | 12 | 784 | 795
main-hdr-sa-i-transform-payload-SA-Group-Description-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 796 | 818
main-hdr-sa-i-transform-payload-SA-Group-Type-type | ee-empty, ee-16bit | 12 | 819 | 830
main-hdr-sa-i-transform-payload-SA-Group-Type-tlv-length | ee-empty, ee-16bit | 12 | 831 | 842
main-hdr-sa-i-transform-payload-SA-Group-Type-tv-value | ee-empty, ee-16bit | 12 | 843 | 854
main-hdr-sa-i-transform-payload-SA-Group-Type-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 855 | 877
main-hdr-sa-i-transform-payload-SA-Group-Prime-Irreducible-Polynomial-type | ee-empty, ee-16bit | 12 | 878 | 889
main-hdr-sa-i-transform-payload-SA-Group-Prime-Irreducible-Polynomial-tlv-length | ee-empty, ee-16bit | 12 | 890 | 901
main-hdr-sa-i-transform-payload-SA-Group-Prime-Irreducible-Polynomial-tv-value | ee-empty, ee-16bit | 12 | 902 | 913
main-hdr-sa-i-transform-payload-SA-Group-Prime-Irreducible-Polynomial-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 914 | 936
main-hdr-sa-i-transform-payload-SA-Group-Generator-One-type | ee-empty, ee-16bit | 12 | 937 | 948
main-hdr-sa-i-transform-payload-SA-Group-Generator-One-tlv-length | ee-empty, ee-16bit | 12 | 949 | 960
main-hdr-sa-i-transform-payload-SA-Group-Generator-One-tv-value | ee-empty, ee-16bit | 12 | 961 | 972
main-hdr-sa-i-transform-payload-SA-Group-Generator-One-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 973 | 995
main-hdr-sa-i-transform-payload-SA-Group-Generator-Two-type | ee-empty, ee-16bit | 12 | 996 | 1007
main-hdr-sa-i-transform-payload-SA-Group-Generator-Two-tlv-length | ee-empty, ee-16bit | 12 | 1008 | 1019
main-hdr-sa-i-transform-payload-SA-Group-Generator-Two-tv-value | ee-empty, ee-16bit | 12 | 1020 | 1031
main-hdr-sa-i-transform-payload-SA-Group-Generator-Two-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1032 | 1054
main-hdr-sa-i-transform-payload-SA-Group-Curve-A-type | ee-empty, ee-16bit | 12 | 1055 | 1066
main-hdr-sa-i-transform-payload-SA-Group-Curve-A-tlv-length | ee-empty, ee-16bit | 12 | 1067 | 1078
main-hdr-sa-i-transform-payload-SA-Group-Curve-A-tv-value | ee-empty, ee-16bit | 12 | 1079 | 1090
main-hdr-sa-i-transform-payload-SA-Group-Curve-A-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1091 | 1113
main-hdr-sa-i-transform-payload-SA-Group-Curve-B-type | ee-empty, ee-16bit | 12 | 1114 | 1125
main-hdr-sa-i-transform-payload-SA-Group-Curve-B-tlv-length | ee-empty, ee-16bit | 12 | 1126 | 1137
main-hdr-sa-i-transform-payload-SA-Group-Curve-B-tv-value | ee-empty, ee-16bit | 12 | 1138 | 1149
main-hdr-sa-i-transform-payload-SA-Group-Curve-B-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1150 | 1172
main-hdr-sa-i-transform-payload-SA-Life-Type-type | ee-empty, ee-16bit | 12 | 1173 | 1184
main-hdr-sa-i-transform-payload-SA-Life-Type-tlv-length | ee-empty, ee-16bit | 12 | 1185 | 1196
main-hdr-sa-i-transform-payload-SA-Life-Type-tv-value | ee-empty, ee-16bit | 12 | 1197 | 1208
main-hdr-sa-i-transform-payload-SA-Life-Type-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1209 | 1231
main-hdr-sa-i-transform-payload-SA-Life-Duration-type | ee-empty, ee-16bit | 12 | 1232 | 1243
main-hdr-sa-i-transform-payload-SA-Life-Duration-tlv-length | ee-empty, ee-16bit | 12 | 1244 | 1255
main-hdr-sa-i-transform-payload-SA-Life-Duration-tv-value | ee-empty, ee-16bit | 12 | 1256 | 1267
main-hdr-sa-i-transform-payload-SA-Life-Duration-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1268 | 1290
main-hdr-sa-i-transform-payload-SA-PRF-type | ee-empty, ee-16bit | 12 | 1291 | 1302
main-hdr-sa-i-transform-payload-SA-PRF-tlv-length | ee-empty, ee-16bit | 12 | 1303 | 1314
main-hdr-sa-i-transform-payload-SA-PRF-tv-value | ee-empty, ee-16bit | 12 | 1315 | 1326
main-hdr-sa-i-transform-payload-SA-PRF-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1327 | 1349
main-hdr-sa-i-transform-payload-SA-Key-Length-type | ee-empty, ee-16bit | 12 | 1350 | 1361
main-hdr-sa-i-transform-payload-SA-Key-Length-tlv-length | ee-empty, ee-16bit | 12 | 1362 | 1373
main-hdr-sa-i-transform-payload-SA-Key-Length-tv-value | ee-empty, ee-16bit | 12 | 1374 | 1385
main-hdr-sa-i-transform-payload-SA-Key-Length-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1386 | 1408
main-hdr-sa-i-transform-payload-SA-Field-Size-type | ee-empty, ee-16bit | 12 | 1409 | 1420
main-hdr-sa-i-transform-payload-SA-Field-Size-tlv-length | ee-empty, ee-16bit | 12 | 1421 | 1432
main-hdr-sa-i-transform-payload-SA-Field-Size-tv-value | ee-empty, ee-16bit | 12 | 1433 | 1444
main-hdr-sa-i-transform-payload-SA-Field-Size-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1445 | 1467
main-hdr-sa-i-transform-payload-SA-Group-Order-type | ee-empty, ee-16bit | 12 | 1468 | 1479
main-hdr-sa-i-transform-payload-SA-Group-Order-tlv-length | ee-empty, ee-16bit | 12 | 1480 | 1491
main-hdr-sa-i-transform-payload-SA-Group-Order-tv-value | ee-empty, ee-16bit | 12 | 1492 | 1503
main-hdr-sa-i-transform-payload-SA-Group-Order-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 1504 | 1526
main-hdr-ke-nonce-i-isakmp-header | ee-empty, ee-overflow | 11 | 1527 | 1537
main-hdr-ke-nonce-i-isakmp-header-next-payload | ee-empty, ee-8bit | 10 | 1538 | 1547
main-hdr-ke-nonce-i-isakmp-header-mjver | ee-4bit | 4 | 1548 | 1551
main-hdr-ke-nonce-i-isakmp-header-mnver | ee-4bit | 6 | 1552 | 1557
main-hdr-ke-nonce-i-isakmp-header-exchange-type | ee-empty, ee-8bit | 10 | 1558 | 1567
main-hdr-ke-nonce-i-isakmp-header-flags | ee-empty, ee-8bit | 13 | 1568 | 1580
main-hdr-ke-nonce-i-isakmp-header-message-id | ee-empty, ee-32bit | 20 | 1581 | 1600
main-hdr-ke-nonce-i-isakmp-header-length | ee-empty, ee-32bit | 20 | 1601 | 1620
main-hdr-ke-nonce-i-key-exchange-payload | ee-empty, ee-overflow | 11 | 1621 | 1631
main-hdr-ke-nonce-i-key-exchange-payload-next-payload | ee-empty, ee-8bit | 10 | 1632 | 1641
main-hdr-ke-nonce-i-key-exchange-payload-reserved | ee-empty, ee-8bit | 10 | 1642 | 1651
main-hdr-ke-nonce-i-key-exchange-payload-length | ee-empty, ee-16bit | 11 | 1652 | 1662
main-hdr-ke-nonce-i-key-exchange-payload-key-exchange-data | ee-empty, ee-string | 52 | 1663 | 1714
main-hdr-ke-nonce-i-nonce-payload | ee-empty, ee-overflow | 11 | 1715 | 1725
main-hdr-ke-nonce-i-nonce-payload-next-payload | ee-empty, ee-8bit | 10 | 1726 | 1735
main-hdr-ke-nonce-i-nonce-payload-reserved | ee-empty, ee-8bit | 10 | 1736 | 1745
main-hdr-ke-nonce-i-nonce-payload-length | ee-empty, ee-16bit | 11 | 1746 | 1756
main-hdr-ke-nonce-i-nonce-payload-nonce-data | ee-empty, ee-string | 52 | 1757 | 1808
main-hdrc-id-hash-i-isakmp-header | ee-empty, ee-overflow | 11 | 1809 | 1819
main-hdrc-id-hash-i-isakmp-header-next-payload | ee-empty, ee-8bit | 10 | 1820 | 1829
main-hdrc-id-hash-i-isakmp-header-mjver | ee-4bit | 4 | 1830 | 1833
main-hdrc-id-hash-i-isakmp-header-mnver | ee-4bit | 6 | 1834 | 1839
main-hdrc-id-hash-i-isakmp-header-exchange-type | ee-empty, ee-8bit | 10 | 1840 | 1849
main-hdrc-id-hash-i-isakmp-header-flags | ee-empty, ee-8bit | 13 | 1850 | 1862
main-hdrc-id-hash-i-isakmp-header-message-id | ee-empty, ee-32bit | 20 | 1863 | 1882
main-hdrc-id-hash-i-isakmp-header-length | ee-empty, ee-32bit | 20 | 1883 | 1902
main-hdrc-id-hash-i-padding | ee-zero | 10 | 1903 | 1912
main-hdrc-id-hash-i-identification-payload | ee-empty, ee-overflow | 11 | 1913 | 1923
main-hdrc-id-hash-i-identification-payload-next-payload | ee-empty, ee-8bit | 10 | 1924 | 1933
main-hdrc-id-hash-i-identification-payload-reserved | ee-empty, ee-8bit | 10 | 1934 | 1943
main-hdrc-id-hash-i-identification-payload-length | ee-empty, ee-16bit | 11 | 1944 | 1954
main-hdrc-id-hash-i-identification-payload-id-type | ee-empty, ee-8bit | 10 | 1955 | 1964
main-hdrc-id-hash-i-identification-payload-protocol-id | ee-empty, ee-8bit | 20 | 1965 | 1984
main-hdrc-id-hash-i-identification-payload-port | ee-empty, ee-8bit | 12 | 1985 | 1996
main-hdrc-id-hash-i-identification-data-ipv4-addr | ee-empty, ee-overflow, ee-ipv4-addr | 18 | 1997 | 2014
main-hdrc-id-hash-i-identification-data-fqdn | ee-empty, ee-overflow, ee-string, ee-fqdn | 101 | 2015 | 2115
main-hdrc-id-hash-i-identification-data-user-fqdn | ee-empty, ee-overflow, ee-string, ee-user-fqdn | 98 | 2116 | 2213
main-hdrc-id-hash-i-identification-data-ipv4-subnet | ee-empty, ee-overflow | 11 | 2214 | 2224
main-hdrc-id-hash-i-identification-data-ipv4-subnet-mask | ee-ipv4-netmask | 12 | 2225 | 2236
main-hdrc-id-hash-i-identification-data-ipv6-addr | ee-empty, ee-overflow, ee-ipv6-addr | 31 | 2237 | 2267
main-hdrc-id-hash-i-identification-data-ipv6-subnet | ee-empty, ee-overflow | 11 | 2268 | 2278
main-hdrc-id-hash-i-identification-data-ipv6-subnet-mask | ee-ipv6-netmask | 6 | 2279 | 2284
main-hdrc-id-hash-i-identification-data-ipv4-range | ee-empty, ee-overflow | 11 | 2285 | 2295
main-hdrc-id-hash-i-identification-data-ipv4-range-addr | ee-ipv4-addr | 7 | 2296 | 2302
main-hdrc-id-hash-i-identification-data-ipv6-range | ee-empty, ee-overflow | 11 | 2303 | 2313
main-hdrc-id-hash-i-identification-data-ipv6-range-addr | ee-ipv6-addr | 20 | 2314 | 2333
main-hdrc-id-hash-i-identification-data-dn | ee-empty, ee-overflow | 11 | 2334 | 2344
main-hdrc-id-hash-i-identification-data-gn | ee-empty, ee-overflow | 11 | 2345 | 2355
main-hdrc-id-hash-i-identification-data-key-id | ee-empty, ee-overflow | 11 | 2356 | 2366
main-hdrc-id-hash-i-hash-payload | ee-empty, ee-overflow | 11 | 2367 | 2377
main-hdrc-id-hash-i-hash-payload-next-payload | ee-empty, ee-8bit | 10 | 2378 | 2387
main-hdrc-id-hash-i-hash-payload-reserved | ee-empty, ee-8bit | 10 | 2388 | 2397
main-hdrc-id-hash-i-hash-payload-length | ee-empty, ee-16bit | 11 | 2398 | 2408
main-hdrc-id-hash-i-hash-payload-hash-data | ee-empty, ee-string | 52 | 2409 | 2460
aggr-hdr-sa-ke-nonce-id-i-isakmp-header | ee-empty, ee-overflow | 11 | 2461 | 2471
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-next-payload | ee-empty, ee-8bit | 10 | 2472 | 2481
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-mjver | ee-4bit | 4 | 2482 | 2485
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-mnver | ee-4bit | 6 | 2486 | 2491
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-exchange-type | ee-empty, ee-8bit | 10 | 2492 | 2501
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-flags | ee-empty, ee-8bit | 13 | 2502 | 2514
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-message-id | ee-empty, ee-32bit | 20 | 2515 | 2534
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-length | ee-empty, ee-32bit | 20 | 2535 | 2554
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload | ee-empty, ee-overflow | 11 | 2555 | 2565
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-next-payload | ee-empty, ee-8bit | 10 | 2566 | 2575
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-reserved | ee-empty, ee-8bit | 10 | 2576 | 2585
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-length | ee-empty, ee-16bit | 11 | 2586 | 2596
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-doi | ee-empty, ee-32bit | 20 | 2597 | 2616
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-situation | ee-empty, ee-32bit | 20 | 2617 | 2636
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-labeled-domain-identifier | ee-empty, ee-32bit | 20 | 2637 | 2656
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy | ee-empty, ee-overflow | 11 | 2657 | 2667
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-length | ee-empty, ee-16bit | 12 | 2668 | 2679
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-level | ee-empty, ee-overflow, ee-fmtstring | 23 | 2680 | 2702
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-category-length | ee-empty, ee-16bit | 12 | 2703 | 2714
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-category-bitmap | ee-empty, ee-overflow, ee-fmtstring | 23 | 2715 | 2737
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity | ee-empty, ee-overflow | 11 | 2738 | 2748
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-length | ee-empty, ee-16bit | 12 | 2749 | 2760
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-level | ee-empty, ee-overflow, ee-fmtstring | 23 | 2761 | 2783
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-category-length | ee-empty, ee-16bit | 12 | 2784 | 2795
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-category-bitmap | ee-empty, ee-overflow, ee-fmtstring | 23 | 2796 | 2818
aggr-hdr-sa-ke-nonce-id-i-proposal-payload | ee-empty, ee-overflow | 11 | 2819 | 2829
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-next-payload | ee-empty, ee-8bit | 10 | 2830 | 2839
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-reserved | ee-empty, ee-8bit | 10 | 2840 | 2849
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-length | ee-empty, ee-16bit | 11 | 2850 | 2860
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-proposal-number | ee-empty, ee-8bit | 10 | 2861 | 2870
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-protocol-id | ee-empty, ee-8bit | 10 | 2871 | 2880
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-spi-size | ee-empty, ee-8bit | 10 | 2881 | 2890
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-number-of-transforms | ee-empty, ee-8bit | 10 | 2891 | 2900
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-spi | ee-empty, ee-overflow | 29 | 2901 | 2929
aggr-hdr-sa-ke-nonce-id-i-transform-payload | ee-empty, ee-overflow | 11 | 2930 | 2940
aggr-hdr-sa-ke-nonce-id-i-transform-payload-next-payload | ee-empty, ee-8bit | 10 | 2941 | 2950
aggr-hdr-sa-ke-nonce-id-i-transform-payload-reserved | ee-empty, ee-8bit | 10 | 2951 | 2960
aggr-hdr-sa-ke-nonce-id-i-transform-payload-length | ee-empty, ee-16bit | 11 | 2961 | 2971
aggr-hdr-sa-ke-nonce-id-i-transform-payload-transform-number | ee-empty, ee-8bit | 10 | 2972 | 2981
aggr-hdr-sa-ke-nonce-id-i-transform-payload-transform-id | ee-empty, ee-8bit | 10 | 2982 | 2991
aggr-hdr-sa-ke-nonce-id-i-transform-payload-reserved2 | ee-empty, ee-16bit | 12 | 2992 | 3003
aggr-hdr-sa-ke-nonce-id-i-transform-payload-sa-attributes | ee-overflow | 10 | 3004 | 3013
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-type | ee-empty, ee-16bit | 12 | 3014 | 3025
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-tlv-length | ee-empty, ee-16bit | 12 | 3026 | 3037
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-tv-value | ee-empty, ee-16bit | 12 | 3038 | 3049
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 3050 | 3072
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-type | ee-empty, ee-16bit | 12 | 3073 | 3084
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-tlv-length | ee-empty, ee-16bit | 12 | 3085 | 3096
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-tv-value | ee-empty, ee-16bit | 12 | 3097 | 3108
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 3109 | 3131
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-type | ee-empty, ee-16bit | 12 | 3132 | 3143
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-tlv-length | ee-empty, ee-16bit | 12 | 3144 | 3155
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-tv-value | ee-empty, ee-16bit | 12 | 3156 | 3167
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-tlv-value | ee-empty, ee-overflow, ee-fmtstring | 23 | 3168 | 3190
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload | ee-empty, ee-overflow | 11 | 3191 | 3201
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-next-payload | ee-empty, ee-8bit | 10 | 3202 | 3211
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-reserved | ee-empty, ee-8bit | 10 | 3212 | 3221
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-length | ee-empty, ee-16bit | 11 | 3222 | 3232
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-key-exchange-data | ee-empty, ee-overflow, ee-string, ee-repeat | 68 | 3233 | 3300
aggr-hdr-sa-ke-nonce-id-i-nonce-payload | ee-empty, ee-overflow | 11 | 3301 | 3311
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-next-payload | ee-empty, ee-8bit | 10 | 3312 | 3321
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-reserved | ee-empty, ee-8bit | 10 | 3322 | 3331
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-length | ee-empty, ee-16bit | 11 | 3332 | 3342
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-nonce-data | ee-empty, ee-overflow, ee-string, ee-repeat | 68 | 3343 | 3410
aggr-hdr-sa-ke-nonce-id-i-identification-payload | ee-empty, ee-overflow | 11 | 3411 | 3421
aggr-hdr-sa-ke-nonce-id-i-identification-payload-next-payload | ee-empty, ee-8bit | 10 | 3422 | 3431
aggr-hdr-sa-ke-nonce-id-i-identification-payload-reserved | ee-empty, ee-8bit | 10 | 3432 | 3441
aggr-hdr-sa-ke-nonce-id-i-identification-payload-length | ee-empty, ee-16bit | 11 | 3442 | 3452
aggr-hdr-sa-ke-nonce-id-i-identification-payload-id-type | ee-empty, ee-8bit | 10 | 3453 | 3462
aggr-hdr-sa-ke-nonce-id-i-identification-payload-protocol-id | ee-empty, ee-8bit | 20 | 3463 | 3482
aggr-hdr-sa-ke-nonce-id-i-identification-payload-port | ee-empty, ee-8bit | 12 | 3483 | 3494
aggr-hdr-sa-ke-nonce-id-i-identification-data-ipv4-addr | ee-empty, ee-overflow, ee-ipv4-addr | 18 | 3495 | 3512
aggr-hdr-sa-ke-nonce-id-i-identification-data-fqdn | ee-empty, ee-overflow, ee-string, ee-fqdn | 101 | 3513 | 3613
aggr-hdr-sa-ke-nonce-id-i-identification-data-user-fqdn | ee-empty, ee-overflow, ee-string, ee-user-fqdn | 98 | 3614 | 3711
aggr-hdr-sa-ke-nonce-id-i-identification-data-ipv6-addr | ee-empty, ee-overflow, ee-ipv6-addr | 31 | 3712 | 3742
aggr-hdr-sa-ke-nonce-id-i-identification-data-dn | ee-empty, ee-overflow | 11 | 3743 | 3753
aggr-hdr-sa-ke-nonce-id-i-identification-data-gn | ee-empty, ee-overflow | 11 | 3754 | 3764
aggr-hdr-sa-ke-nonce-id-i-identification-data-key-id | ee-empty, ee-overflow | 11 | 3765 | 3775
aggr-hdrc-hash-i-isakmp-header | ee-empty, ee-overflow | 11 | 3776 | 3786
aggr-hdrc-hash-i-isakmp-header-next-payload | ee-empty, ee-8bit | 10 |
3787 |
3796 |
aggr-hdrc-hash-i-isakmp-header-mjver |
ee-4bit |
4 |
3797 |
3800 |
aggr-hdrc-hash-i-isakmp-header-mnver |
ee-4bit |
6 |
3801 |
3806 |
aggr-hdrc-hash-i-isakmp-header-exchange-type |
Ee-empty, ee-8bit |
10 |
3807 |
3816 |
aggr-hdrc-hash-i-isakmp-header-flags |
Ee-empty, ee-8bit |
13 |
3817 |
3829 |
aggr-hdrc-hash-i-isakmp-header-message-id |
Ee-empty, ee-32bit |
20 |
3830 |
3849 |
aggr-hdrc-hash-i-isakmp-header-length |
Ee-empty, ee-32bit |
20 |
3850 |
3869 |
aggr-hdrc-hash-i-hash-payload |
Ee-empty, ee-overflow |
11 |
3870 |
3880 |
aggr-hdrc-hash-i-hash-payload-next-payload |
Ee-empty, ee-8bit |
10 |
3881 |
3890 |
aggr-hdrc-hash-i-hash-payload-reserved |
Ee-empty, ee-8bit |
10 |
3891 |
3900 |
aggr-hdrc-hash-i-hash-payload-length |
Ee-empty, ee-16bit |
11 |
3901 |
3911 |
aggr-hdrc-hash-i-hash-payload-hash-data |
Ee-empty, ee-string |
52 |
3912 |
3963 |
info-notification-length |
Ee-empty, ee-16bit |
12 |
3964 |
3975 |
info-notification-spi-size |
Ee-empty, ee-8bit |
10 |
3976 |
3985 |
info-notification-message-type |
Ee-empty, ee-8bit |
10 |
3986 |
3995 |
info-notification-spi |
Ee-empty, ee-overflow |
11 |
3996 |
4006 |
info-notification-message-type-and-data |
Ee-notify-msg-type, ee-string |
306 |
4007 |
4312 |
info-sa-notification-message-type-and-data |
Ee-notify-msg-type, ee-string |
306 |
4313 |
4618 |
info-ke-nonce-notification-message-type-and-data |
Ee-notify-msg-type, ee-string |
306 |
4619 |
4924 |
info-delete-length |
Ee-empty, ee-16bit |
12 |
4925 |
4936 |
info-delete-spi-size |
Ee-empty, ee-8bit |
10 |
4937 |
4946 |
info-delete-number-of-spi |
Ee-empty, ee-16bit |
12 |
4947 |
4958 |
info-delete-spi |
Ee-empty, ee-overflow |
11 |
4959 |
4969 |
info-delete-spi-size1-repeat |
Ee-repeat |
10 |
4970 |
4979 |
info-delete-spi-size4-repeat |
Ee-repeat |
10 |
4980 |
4989 |
info-delete-spi-size16-repeat |
Ee-repeat |
10 |
4990 |
4999 |
Legend:
-
"Name" column represents the tag-names of the test-groups. Tags
reflect the field and element names in the protocol specification.
Tags can be used to follow which parts of the PDUs are being tested.
-
"Exceptional Elements" column describes which exceptional element
categories are integrated in the test-group.
-
"Test Cases", "First Index" and "Last Index" columns describe the
number of cases and the first and last test-case index in the
test-group.
Test-runs were conducted against the chosen sample of
implementations. Specifications, exceptional elements, semantic rules,
injectors and instrumentation were integrated into a test-tool
configuration to enable automatic execution of the tests.
The test-tool provides the communication rules for test-case
injection. The test-tool was configured as the initiator of the IKE
negotiation.
The implementation under test is monitored for undesired behaviour that
could have security implications. Instrumentation methods can roughly
be divided into two categories.
Out-of-band instrumentation on the target platform includes
debuggers, resource monitoring or custom-made tools used to extract
information from the implementation under test. Unfortunately, the
modern trend of abusing try-catch type constructs
easily masks the exceptions generated by stack and memory corruption.
Catching these hidden exceptions relies on the debugging skills of the
developers themselves. Out-of-band instrumentation is nevertheless often
the preferred form of instrumentation.
In in-band instrumentation the implementation is monitored
via the injection vector, i.e. the same interface used to deliver the
test-cases. While the responses are not necessarily checked for protocol
conformance, absent or malformed responses can often reveal anomalous
conditions such as denial of service. Also, the ability to accept
subsequent test-cases indicates how the earlier ones affected the
performance of the target implementation. Especially with embedded
devices, this form of instrumentation may be the only option easily
available.
Valid-case in-band instrumentation is bundled with the test-material
(see the --instrument option below): a valid test-case is sent after
each test-case to check that the subject still responds.
Results from the test-runs are summarised herein. The tables below
represent the observations from feeding the test-material to the
chosen subject software. Product names of the actual subjects are
omitted to protect the innocent. Results are presented in tabular
form, with test-cases divided into test-groups based on the exceptional
element types utilised and the PDU fields under examination.
Each failed test-case represents, at minimum, a chance of exploiting
the found vulnerability for denial of service. In most cases they
represent memory corruption, stack corruption or other fatal error
conditions. Some of these may expose the target to typical buffer
overflow exploits, allowing execution of arbitrary code or modification
of the target system.
The verdict failed is given if any one of the following
criteria is met and a single test-case can be identified as
responsible:
-
A device undergoes a fatal failure and stops functioning normally.
-
A process or a device crashes or hangs and needs to be restarted
manually.
-
A process or a device crashes and restarts automatically.
-
A process consumes CPU and/or memory resources for an exceptionally
long or indefinite time, thus causing at least a denial of service.
If no single test-case can be identified but similar effects are
observed, the verdict is inconclusive.
Sometimes a subject gets corrupted so badly, or is fundamentally so
unstable, that accurate test-results cannot be collected for the
whole test-run. Untested regions are marked as
unknown.
Otherwise, the verdict is passed.
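The instrumentation loop and the verdict rules above, as an added example that is not part of the c09-isakmp package or of any tested implementation. It uses the in-band method only: after every test-case a known-good message (the valid case) is sent, and a missing reply is treated as an anomaly. The anomaly is then attributed to a single test-case by replaying that case alone against a restarted subject, which yields the failed (X) versus inconclusive (I) distinction described above; a subject that cannot be restarted leaves the rest of the run unknown (?). The target is a constructed in-memory stand-in for an IKE responder with two planted robustness bugs, the cookies and test-case bytes are constructed for this example (they are not the test-suite's own cases), and the message layout follows RFC 2408.

```python
import struct

# ISAKMP header (RFC 2408 3.1): I-cookie, R-cookie, next payload, version,
# exchange type, flags, message ID, total length; 28 bytes, network order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
HDR_LEN = ISAKMP_HDR.size
PAYLOAD_NONE, PAYLOAD_SA = 0, 1
EXCH_MAIN_MODE = 2                       # identity protection exchange
KNOWN_PAYLOADS = set(range(1, 14))       # SA, P, T, KE, ID, CERT, CR, HASH, SIG, NONCE, N, D, VID

def isakmp_message(icookie, rcookie, payloads):
    """Header plus a chain of generic payloads; payloads is a list of (type, body)."""
    chain = b""
    for i, (ptype, body) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else PAYLOAD_NONE
        chain += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body   # generic payload header
    first = payloads[0][0] if payloads else PAYLOAD_NONE
    hdr = ISAKMP_HDR.pack(icookie, rcookie, first, 0x10, EXCH_MAIN_MODE, 0, 0, HDR_LEN + len(chain))
    return hdr + chain

# Constructed valid case: HDR, SA(DOI=IPSEC, SIT_IDENTITY_ONLY). Enough for the
# stand-in below; a real valid case carries a full proposal as well.
VALID_CASE = isakmp_message(b"\x11" * 8, b"\x00" * 8, [(PAYLOAD_SA, struct.pack("!II", 1, 1))])

def unknown_payload_case(ptype):
    """Constructed analogue of an ee-8bit next-payload case: an undefined payload type."""
    return isakmp_message(b"\x11" * 8, b"\x00" * 8, [(ptype, b"\x00" * 4)])

def zero_length_payload_case():
    """Constructed analogue of an ee-16bit length case: the SA payload's length field set to 0."""
    msg = bytearray(VALID_CASE)
    struct.pack_into("!H", msg, HDR_LEN + 2, 0)   # length sits 2 bytes into the generic header
    return bytes(msg)

class StandInDaemon:
    """Constructed stand-in for an IKE responder (not a real implementation).
    Planted bug 1: a payload length below 4 is not rejected, so the payload walker
    never advances (modelled as a hang). Planted bug 2: each message with an
    undefined payload type leaks one state entry; after LEAK_LIMIT leaks the
    process stops answering, which no single test-case is responsible for."""
    LEAK_LIMIT = 3

    def __init__(self):
        self.restart()

    def restart(self):
        self.alive, self.leaks = True, 0
        return True                        # a real subject may not come back; see run_group

    def deliver(self, msg):
        """Only the in-band view exists: the reply bytes, or None when nothing comes back."""
        if not self.alive or len(msg) < HDR_LEN:
            return None
        icookie, _rc, nxt, _ver, _xchg, _flags, _mid, _len = ISAKMP_HDR.unpack_from(msg)
        off = HDR_LEN
        while nxt != PAYLOAD_NONE:
            if off + 4 > len(msg):         # truncated generic header: message is dropped
                return None
            nxt2, _res, plen = struct.unpack_from("!BBH", msg, off)
            if plen < 4:                   # bug 1: missing lower-bound check -> endless loop
                self.alive = False
                return None
            if off + plen > len(msg):      # upper bound is checked: payload past the buffer is dropped
                return None
            if nxt not in KNOWN_PAYLOADS:  # bug 2: per-message leak on unknown payload types
                self.leaks += 1
                if self.leaks >= self.LEAK_LIMIT:
                    self.alive = False
                    return None
            off, nxt = off + plen, nxt2
        return isakmp_message(icookie, b"\x5a" * 8, [(PAYLOAD_SA, struct.pack("!II", 1, 1))])

def run_group(cases, valid_case, daemon):
    """One verdict per test-case in the page's legend: '-' passed, 'X' failed,
    'I' inconclusive, '?' unknown (untested because the subject did not come back)."""
    verdicts = []
    for i, case in enumerate(cases):
        daemon.deliver(case)                             # inject the test-case
        if daemon.deliver(valid_case) is not None:       # subject still answers a known-good message
            verdicts.append("-")
            continue
        if not daemon.restart():                         # cannot recover: rest of the run is untested
            verdicts.append("I")
            verdicts.extend("?" * (len(cases) - i - 1))
            break
        daemon.deliver(case)                             # replay this case alone on a fresh subject
        verdicts.append("X" if daemon.deliver(valid_case) is None else "I")
        daemon.restart()
    return "".join(verdicts)

CASES = [unknown_payload_case(t) for t in (200, 201, 202, 203)] + [zero_length_payload_case()]

def demo():
    """Returns '--I-X': the third unknown-payload case only trips the cumulative
    leak, so it is inconclusive; the zero-length payload reproduces alone, so it fails."""
    return run_group(CASES, VALID_CASE, StandInDaemon())

if __name__ == "__main__":
    print(demo())
```

Real in-band instrumentation replaces StandInDaemon.deliver with a UDP send to port 500 and a receive with a timeout. The restart step is what a test-tool cannot do on its own, which is why an effect that cannot be attributed to one case stays inconclusive until the operator restarts the subject and narrows the range with --index.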
Test-results
Test-group / Test-run # | tr-001 | tr-002 | tr-003 | tr-004 | tr-005 | tr-006 | tr-007 | tr-008
[passed test-groups omitted] | | | | | | | |
main-hdr-sa-i-transform-payload-SA-Life-Duration-type | - | - | - | - | - | - | - | -
main-hdr-sa-i-transform-payload-SA-Life-Duration-tlv-length | - | - | - | - | - | - | - | -
main-hdr-sa-i-transform-payload-SA-Life-Duration-tv-value | - | - | - | - | - | - | - | -
main-hdr-sa-i-transform-payload-SA-Life-Duration-tlv-value | X | - | - | - | - | X | X | -
main-hdr-sa-i-transform-payload-SA-PRF-type | - | - | - | - | - | - | - | -
main-hdr-sa-i-transform-payload-SA-PRF-tlv-length | - | - | - | - | - | - | - | -
main-hdr-sa-i-transform-payload-SA-PRF-tv-value | - | - | - | - | - | - | - | -
main-hdr-sa-i-transform-payload-SA-PRF-tlv-value | - | - | - | - | - | - | - | -
[passed test-groups omitted] | | | | | | | |
main-hdrc-id-hash-i-identification-payload | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-payload-next-payload | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-payload-reserved | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-payload-length | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-payload-id-type | - | - | - | X | - | - | - | -
main-hdrc-id-hash-i-identification-payload-protocol-id | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-payload-port | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv4-addr | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-fqdn | X | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-user-fqdn | X | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv4-subnet | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv4-subnet-mask | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv6-addr | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv6-subnet | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv6-subnet-mask | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv4-range | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv4-range-addr | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv6-range | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-ipv6-range-addr | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-dn | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-gn | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-identification-data-key-id | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-hash-payload | - | - | - | - | - | - | - | -
main-hdrc-id-hash-i-hash-payload-next-payload | X | - | - | - | - | - | - | I
main-hdrc-id-hash-i-hash-payload-reserved | X | - | - | - | - | - | - | I
main-hdrc-id-hash-i-hash-payload-length | X | - | X | - | - | - | - | I
main-hdrc-id-hash-i-hash-payload-hash-data | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-isakmp-header | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-next-payload | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-mjver | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-mnver | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-exchange-type | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-flags | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-message-id | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-isakmp-header-length | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-next-payload | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-reserved | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-length | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-doi | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-situation | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-labeled-domain-identifier | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-length | - | - | - | - | - | - | - | -
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-level | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-category-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-secrecy-category-bitmap | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-level | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-category-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-sec-association-payload-integrity-category-bitmap | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-next-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-reserved | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-proposal-number | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-protocol-id | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-spi-size | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-number-of-transforms | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-proposal-payload-spi | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-next-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-reserved | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-transform-number | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-transform-id | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-reserved2 | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-sa-attributes | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-type | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-tlv-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-tv-value | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Duration-tlv-value | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-type | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-tlv-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-tv-value | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Life-Type-tlv-value | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-type | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-tlv-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-tv-value | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-transform-payload-SA-Key-Length-tlv-value | - | - | - | - | - | X | X | I
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-next-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-reserved | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-key-exchange-payload-key-exchange-data | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-nonce-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-next-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-reserved | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-nonce-payload-nonce-data | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-payload-next-payload | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-payload-reserved | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-payload-length | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-payload-id-type | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-payload-protocol-id | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-payload-port | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-data-ipv4-addr | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-data-fqdn | X | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-data-user-fqdn | X | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-data-ipv6-addr | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-data-dn | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-data-gn | - | - | - | - | - | - | - | I
aggr-hdr-sa-ke-nonce-id-i-identification-data-key-id | - | - | - | - | - | - | - | I
aggr-hdrc-hash-i-isakmp-header | - | - | - | - | - | - | - | I
aggr-hdrc-hash-i-isakmp-header-next-payload | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-isakmp-header-mjver | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-isakmp-header-mnver | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-isakmp-header-exchange-type | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-isakmp-header-flags | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-isakmp-header-message-id | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-isakmp-header-length | - | - | - | - | - | - | X | -
aggr-hdrc-hash-i-hash-payload | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-hash-payload-next-payload | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-hash-payload-reserved | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-hash-payload-length | - | - | - | - | - | - | - | -
aggr-hdrc-hash-i-hash-payload-hash-data | - | - | - | - | - | - | - | -
[passed test-groups omitted] | | | | | | | |
Legend:
-
nnn: Each different test-run (tr-nnn) represents a different tested
implementation.
-
X: Verdict is failed
-
I: Verdict is inconclusive
-
-: Verdict is passed
-
?: Verdict is unknown
Please note that if a subject fails in a format string (fmtstring)
test-group, the failure may be caused by a buffer overflow condition,
with the very long format string merely acting as the trigger. Should
an implementation have failed in a format string category but not in
the preceding overflow category, it is then likely to contain a format
string type of vulnerability.
The results are further summarised in the table below.
Test-results summary
Test-run # | Total test-cases | Failed test-cases | Total groups | Failed groups (inconclusive)
tr-001 | 5000 | n | 268 | 8
tr-002 | 5000 | 0 | 268 | 0
tr-003 | 5000 | 6 | 268 | 1
tr-004 | 5000 | 0 | 268 | 0
tr-005 | 5000 | n | 268 | 1
tr-006 | 5000 | n | 268 | 2
tr-007 | 5000 | n | 268 | 3
tr-008 | 5000 | n | 268 | 0 (66)
Legend:
-
n: We were unable to determine the exact number of failures. See the
more detailed tables above.
To support the vulnerability reporting process, typically one exploit
per implementation is refined and included in the respective
vulnerability report. The exploit is only intended for demonstration
purposes and is harmless as it is. The simplest of them only execute
some harmless commands on the target system, typically with the
privileges of the vulnerable process. Some only provide a demonstration
by causing a denial of service (DoS) against the software.
To support the vulnerability reports to the respective vendors,
following exploits were developed:
The test-material is distributed as a JAR package. The package
comprises the following elements:
-
Test-cases located in
org/ouspg/testcases/ directory
-
Codenomicon Toolkit Engine for feeding the test-cases against the
system under test.
-
LICENSE.TXT
- License for the test-material package
-
README.TXT
- Very short instructions
The license allows free use and redistribution of the test-material
package. However, modifying the test-material package is not allowed
without a permission. See the license file for more information.
We recommend some additional guidelines, although these do not
restrict the test-material licence. These guidelines can
be found from the
"Test-suite releases in Theory and Practice"
document.
A prerequisite for using the test-material is a properly configured
and started implementation, preferably not in an open network. The
implementation should be configured to allow the following parameters:
- Encryption algorithm: 3DES-CBC
- Hash algorithm: HMAC-SHA-1
- Authentication method: Pre-shared key
- Group description: 1024 bit MODP (Oakley 2)
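The four parameters above pin down the Phase 1 proposal the subject must be configured to accept. As an added example that is not the c09-isakmp package's own code, the following builds the corresponding main-mode message 1 (HDR, SA) field by field after RFC 2408 and RFC 2409, encoding the SA attributes in the TV and TLV forms that the SA-*-type, -tlv-length, -tv-value and -tlv-value test-groups above mutate, and decodes them back with the bound checks a robust responder needs. The initiator cookie and the 86400-second lifetime are assumptions chosen for the example; the attribute class and value numbers are those of RFC 2409 Appendix A, and the TLV width of 4 bytes is a choice made here (the RFC leaves it variable).

```python
import struct

# ISAKMP header (RFC 2408 3.1) and the payload/exchange codes used below
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
PAYLOAD_NONE, PAYLOAD_SA = 0, 1
EXCH_IDENTITY_PROTECTION = 2             # main mode
DOI_IPSEC, SIT_IDENTITY_ONLY = 1, 1      # RFC 2407 SA payload fields
PROTO_ISAKMP, KEY_IKE = 1, 1             # proposal protocol ID, transform ID

# RFC 2409 Appendix A attribute classes and the values the prerequisites above call for
ATTR_ENCRYPTION_ALG, ATTR_HASH_ALG, ATTR_AUTH_METHOD, ATTR_GROUP_DESC = 1, 2, 3, 4
ATTR_LIFE_TYPE, ATTR_LIFE_DURATION = 11, 12
ENC_3DES_CBC, HASH_SHA1, AUTH_PRESHARED_KEY, GROUP_MODP_1024, LIFE_SECONDS = 5, 2, 1, 2, 1

def sa_attribute(atype, value):
    """RFC 2408 3.3 data attribute: TV form (AF bit set, value in the 2-byte field)
    when the value fits 16 bits, otherwise TLV form with a 4-byte value."""
    if value <= 0xFFFF:
        return struct.pack("!HH", 0x8000 | atype, value)
    return struct.pack("!HHI", atype, 4, value)

def generic_payload(next_payload, body):
    """Generic payload header (next payload, RESERVED, length) followed by the body."""
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body

def build_main_mode_msg1(icookie, life_seconds=86400):
    """HDR, SA with one proposal and one transform: 3DES-CBC, HMAC-SHA-1,
    pre-shared key, 1024-bit MODP (Oakley group 2), lifetime in seconds."""
    attrs = b"".join(sa_attribute(t, v) for t, v in (
        (ATTR_ENCRYPTION_ALG, ENC_3DES_CBC), (ATTR_HASH_ALG, HASH_SHA1),
        (ATTR_AUTH_METHOD, AUTH_PRESHARED_KEY), (ATTR_GROUP_DESC, GROUP_MODP_1024),
        (ATTR_LIFE_TYPE, LIFE_SECONDS), (ATTR_LIFE_DURATION, life_seconds)))
    # transform: transform #, transform ID, RESERVED2, then the attribute list
    transform = generic_payload(PAYLOAD_NONE, struct.pack("!BBH", 1, KEY_IKE, 0) + attrs)
    # proposal: proposal #, protocol ID, SPI size (0: ISAKMP carries no SPI here), # of transforms
    proposal = generic_payload(PAYLOAD_NONE, struct.pack("!BBBB", 1, PROTO_ISAKMP, 0, 1) + transform)
    sa = generic_payload(PAYLOAD_NONE, struct.pack("!II", DOI_IPSEC, SIT_IDENTITY_ONLY) + proposal)
    # R-cookie and message ID are zero in the first Phase 1 message
    hdr = ISAKMP_HDR.pack(icookie, b"\x00" * 8, PAYLOAD_SA, 0x10, EXCH_IDENTITY_PROTECTION,
                          0, 0, ISAKMP_HDR.size + len(sa))
    return hdr + sa

def parse_sa_attributes(data):
    """Decode an attribute list into (type, value) pairs, rejecting the shapes the
    SA-*-tlv-length and SA-*-tlv-value test-groups probe for: an attribute header
    that runs past the buffer, and a TLV length that is zero or exceeds the buffer."""
    attrs, off = [], 0
    while off < len(data):
        if off + 4 > len(data):
            raise ValueError("truncated attribute header at offset %d" % off)
        type_af, val_or_len = struct.unpack_from("!HH", data, off)
        atype, off = type_af & 0x7FFF, off + 4
        if type_af & 0x8000:                                   # TV: the value is the second field
            attrs.append((atype, val_or_len))
            continue
        if val_or_len == 0 or off + val_or_len > len(data):    # TLV: length must be >0 and in bounds
            raise ValueError("bad TLV length %d for attribute type %d" % (val_or_len, atype))
        attrs.append((atype, int.from_bytes(data[off:off + val_or_len], "big")))
        off += val_or_len
    return attrs

def attribute_list_is_well_formed(data):
    """True when parse_sa_attributes accepts the bytes, False when it rejects them."""
    try:
        parse_sa_attributes(data)
        return True
    except ValueError:
        return False

def transform_attributes(msg):
    """Walk HDR|SA|P|T using the length fields and decode the transform's attributes."""
    off = ISAKMP_HDR.size + 4 + 8              # past the SA generic header, DOI and situation
    spi_size = msg[off + 6]                    # proposal: #, protocol ID, SPI size, # of transforms
    off += 4 + 4 + spi_size                    # first transform payload
    tlen = struct.unpack_from("!H", msg, off + 2)[0]
    return parse_sa_attributes(msg[off + 8: off + tlen])

if __name__ == "__main__":
    m = build_main_mode_msg1(b"\x01" * 8)
    print(len(m), transform_attributes(m))
```

The lifetime is the only attribute that lands in TLV form, which is why the SA-Life-Duration-tlv-* groups carry the ee-overflow and ee-fmtstring categories while the -tv-value groups only carry ee-16bit: a TLV value is the one place in the transform where the initiator controls both a length and a variable-length buffer.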
In addition, Java is required to execute the test-cases. The package has
been tested on Java 2 Platform, Standard Edition (J2SE) versions 1.4.0
and 1.4.2. [8]
The test-material is used through a command line interface. The
test-material is run with java, using the -jar switch.
The command java -jar c09-isakmp-r2.jar
--help displays the built-in help for the available command
line options:
--host host Target hostname or IP (required)
--id id Your ISAKMP identity IPv4 address (required)
--secret secret Shared secret (required)
--port port Target port (500)
--sourceport port Source port (500)
--index index Test case index, e.g. 0,1-6,50-
--timeout timeout Timeout (ms) to wait for reply (2500)
--delay delay Delay (ms) between test cases (1000)
--showsent Show sent messages (off)
--showreceived Show received messages (off)
--instrument Use valid-case instrumentation (off)
--validcase case Index to use in valid-case instrumentation (0)
--help Show command line help
The minimal command line required to run all test-cases from host
10.10.10.1 against host 10.10.10.2 would then be
java -jar c09-isakmp-r2.jar --host 10.10.10.2 --id 10.10.10.1 --secret deadbeef
where deadbeef stands for the pre-shared key configured on the
implementation under test.
Please see Appendix B for commonly
encountered error messages when using the test-material.
Use of latest release (highest number) is recommended. Older
releases are provided for completeness and reproduction.
Although this test-suite only scratches the surface of the complex
ISAKMP/IKE protocol, many of the implementations available for
evaluation failed to perform in a robust manner under the test. Some
failures had information security implications and should be
considered vulnerabilities. Therefore, this robustness test-material
should be adopted for the evaluation and development of ISAKMP/IKE
products.
We wish to express our gratitude to the individual vendors who worked
with us to protect their customers. We are indebted to
Sonera Corporation,
CERT-FI and
the Finnish Defence Forces for
providing us with facilities and support in determining the impact of
the test-suite. Again, we thank
CERT-FI and
NISCC for their advice and
active role during the vulnerability process.
The most common sources of vulnerability information and exploits
were covered and cross-checked for potential and already known
vulnerabilities in implementations of the chosen protocol. Typical
sources for finding out about existing vulnerabilities are databases
and mailing-lists. Search-engines may also reveal information on past
vulnerabilities.
The following prior vulnerabilities, in no particular order, were
identified as ISAKMP/IKE related:
-
"Cisco IOS Unauthorized Security Association Establishment Vulnerability"
[9]
-
"Cisco IOS Easy VPN Server XAUTH Authentication Bypass Vulnerability"
[10]
-
"KAME Racoon Malformed ISAKMP Packet Headers Denial of Service
Vulnerability" [11]
-
"OpenBSD ISAKMPD Kernel Heap Buffer Overflow Local Denial Of Service
Vulnerability" [12]
-
"Entrust LibKMP ISAKMP Library Remote IPsec/ISAKMP Buffer Overflow
Vulnerability" [13]
-
"OpenBSD ISAKMPD Security Association Piggyback Delete Payload Denial
Of Service Vulnerability" [14]
-
"Check Point VPN-1 ISAKMP Remote Buffer Overflow Vulnerability"
[15]
-
"KAME Racoon Malformed ISAKMP Packet Denial of Service Vulnerability"
[16]
-
"TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability"
[17]
-
"TCPDump ISAKMP Identification Payload Integer Underflow Vulnerability"
[18]
-
"OpenBSD ISAKMPD Zero Payload Length Denial Of Service Vulnerability"
[19]
-
"OpenBSD ISAKMPD Malformed IPSEC SA Payload Denial Of Service
Vulnerability" [20]
-
"OpenBSD ISAKMPD Malformed CERT Request Payload Denial Of Service
Vulnerability" [21]
-
"OpenBSD ISAKMPD Delete Payload Denial Of Service Vulnerability"
[22]
-
"OpenBSD ISAKMPD Memory Leak Denial Of Service Vulnerability"
[23]
-
"Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload
Buffer Overflow Vulnerability" [24]
-
"TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability"
[25]
-
"TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow
Vulnerabilities" [26]
-
"ISAKMPD "Initial Contact" Notification SA Deletion Vulnerability"
[27]
-
"ISAKMPD "Invalid SPI" SA Deletion Vulnerability"
[28]
-
"OpenBSD isakmpd Multiple IKE Payload Handling Security Weaknesses"
[29]
-
"TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability"
[30]
-
"Cisco VPN 3000 Series Concentrator ISAKMP Denial of Service
Vulnerabilities" [31]
-
"OpenBSD isakmpd IKE Payloads Denial Of Service Vulnerability"
[32]
-
"KAME Racoon Remote IKE Message Denial Of Service Vulnerability"
[33]
-
"Cisco IOS Malformed IKE Packet Remote Denial Of Service
Vulnerability" [34]
-
"Racoon IKE Daemon Unauthorized X.509 Certificate Connection
Vulnerability" [35]
-
"HP Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalation
Vulnerability" [36]
-
"Multiple Vendor IKE Implementation Certificate Authenticity
Verification Vulnerability" [37]
-
"Multiple Vendor IKE Insecure XAUTH Implementation Vulnerabilities"
[38]
-
"Check Point VPN-1 IKE Aggressive Mode Forcing Vulnerability"
[39]
-
"Netscreen-Remote VPN Client IKE Packet Excessive Payloads
Vulnerability" [40]
-
"PGPFreeware Malformed IKE Response Packet Buffer Overflow
Vulnerability" [41]
-
"Cisco VPN Client Zero Length IKE Packet Denial Of Service
Vulnerability" [42]
-
"Cisco VPN Client IKE Security Parameter Index Payload Buffer Overflow
Vulnerability" [43]
-
"Cisco VPN Client IKE Packet Excessive Payloads Vulnerability"
[44]
-
"IKE Aggressive Mode Shared Secret Hash Leakage Weakness"
[45]
During the prerelease phase all verified vulnerabilities were reported
to the respective vendors. The vulnerability reports were tracked by
CERT-FI and NISCC in the role of independent coordinators and
advisors. An attempt was made to seek a channel to distribute the test
material to vendors whose products we were not able to obtain for
testing.
Vendor statements or security advisories issued in order to address
the vulnerabilities uncovered by this test-suite are
collected. Advisories that we are aware of are listed here-in:
-
[1] "PROTOS - Security Testing of Protocol Implementations". University of Oulu. http://www.ee.oulu.fi/research/ouspg/protos.
[2] Piper (1998). "RFC 2407 - The Internet IP Security Domain of Interpretation for ISAKMP". Network Working Group. http://www.ietf.org/rfc/rfc2407.txt. [Accessed: 2004-03-11].
[3] Maughan, et al. (1998). "RFC 2408 - Internet Security Association and Key Management Protocol (ISAKMP)". Network Working Group. http://www.ietf.org/rfc/rfc2408.txt. [Accessed: 2004-03-10].
[4] Harkins & Carrel (1998). "RFC 2409 - The Internet Key Exchange (IKE)". Network Working Group. http://www.ietf.org/rfc/rfc2409.txt. [Accessed: 2004-03-11].
[5] Orman (1998). "RFC 2412 - The OAKLEY Key Determination Protocol". Network Working Group. http://www.ietf.org/rfc/rfc2412.txt. [Accessed: 2004-03-11].
[6] Internetweek.com. "VPN Vendor and Service Provider Links". http://www.internetweek.com/VPN/links.htm.
[7] VPNlabs (2002). "VPN Products and Services". http://www.vpnlabs.org/vpn-categories/Products-Services/46/index.html.
[8] "Java[tm] 2 Platform, Standard Edition v 1.4.2 Overview". Sun Microsystems. http://java.sun.com/j2se/1.4.2/.
[9] Cisco (2005). "Cisco IOS Unauthorized Security Association Establishment Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/13033.
[10] Cisco (2005). "Cisco IOS Easy VPN Server XAUTH Authentication Bypass Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/13031.
[11] S. Krahmer (2005). "KAME Racoon Malformed ISAKMP Packet Headers Denial of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/12804.
[12] S. Miltchev (2004). "OpenBSD ISAKMPD Kernel Heap Buffer Overflow Local Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/11928.
[13] M. Dowd & N. Mehta (2004). "Entrust LibKMP ISAKMP Library Remote IPsec/ISAKMP Buffer Overflow Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/11039.
[14] T. Walpuski (2004). "OpenBSD ISAKMPD Security Association Piggyback Delete Payload Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10496.
[15] Check Point Software (2004). "Check Point VPN-1 ISAKMP Remote Buffer Overflow Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10273.
[16] KAME (2004). "KAME Racoon Malformed ISAKMP Packet Denial of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10172.
[17] Rapid7 (2004). "TCPDump ISAKMP Delete Payload Buffer Overrun Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10003.
[18] Rapid7 (2004). "TCPDump ISAKMP Identification Payload Integer Underflow Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10004.
[19] OpenBSD (2004). "OpenBSD ISAKMPD Zero Payload Length Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10028.
[20] OpenBSD (2004). "OpenBSD ISAKMPD Malformed IPSEC SA Payload Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10029.
[21] OpenBSD (2004). "OpenBSD ISAKMPD Malformed CERT Request Payload Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10030.
[22] OpenBSD (2004). "OpenBSD ISAKMPD Delete Payload Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10031.
[23] OpenBSD (2004). "OpenBSD ISAKMPD Memory Leak Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10032.
[24] M. Dowd & N. Mehta (2004). "Check Point VPN-1/SecuRemote ISAKMP Large Certificate Request Payload Buffer Overflow Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/9582.
[25] G. Bakos (2004). "TCPDump ISAKMP Decoding Routines Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/9507.
[26] G. Bakos & J. Heusser (2004). "TCPDump ISAKMP Decoding Routines Multiple Remote Buffer Overflow Vulnerabilities". SecurityFocus. http://online.securityfocus.com/bid/9423.
[27] T. Walpuski (2004). "ISAKMPD "Initial Contact" Notification SA Deletion Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/9334.
[28] T. Walpuski (2004). "ISAKMPD "Invalid SPI" SA Deletion Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/9333.
[29] T. Walpuski (2003). "OpenBSD isakmpd Multiple IKE Payload Handling Security Weaknesses". SecurityFocus. http://online.securityfocus.com/bid/8964.
[30] A. Griffiths (2003). "TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/6974.
[31] Cisco (2003). "Cisco VPN 3000 Series Concentrator ISAKMP Denial of Service Vulnerabilities". SecurityFocus. http://online.securityfocus.com/bid/5619.
[32] OpenBSD (2003). "OpenBSD isakmpd IKE Payloads Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/5589.
[33] J. Lampe (2004). "KAME Racoon Remote IKE Message Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10296.
[34] Cisco (2004). "Cisco IOS Malformed IKE Packet Remote Denial Of Service Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10083.
[35] R. Spenneberg (2004). "Racoon IKE Daemon Unauthorized X.509 Certificate Connection Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/10072.
[36] HP advisory (2004). "HP Tru64 UNIX Unspecified IPsec/IKE Remote Privilege Escalation Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/9803.
[37] T.L. Simon (2003). "Multiple Vendor IKE Implementation Certificate Authenticity Verification Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/9208.
[38] T.L. Simon (2003). "Multiple Vendor IKE Insecure XAUTH Implementation Vulnerabilities". SecurityFocus. http://online.securityfocus.com/bid/9209.
[39] Check Point (2002). "Check Point VPN-1 IKE Aggressive Mode Forcing Vulnerability". SecurityFocus. http://online.securityfocus.com/bid/5920.
[40] Netscreen Security Advisory (2002).
"Netscreen-Remote VPN Client IKE Packet Excessive Payloads Vulnerability".
SecurityFocus.
http://online.securityfocus.com/bid/5668.
-
- [41]
-
A. Rager.
(2002).
"PGPFreeware Malformed IKE Response Packet Buffer Overflow Vulnerability".
SecurityFocus.
http://online.securityfocus.com/bid/5449.
-
- [42]
-
A. Rager.
(2002).
"Cisco VPN Client Zero Length IKE Packet Denial Of Service Vulnerability".
SecurityFocus.
http://online.securityfocus.com/bid/5440.
-
- [43]
-
A. Rager.
(2002).
"Cisco VPN Client IKE Security Parameter Index Payload Buffer Overflow Vulnerability".
SecurityFocus.
http://online.securityfocus.com/bid/5441.
-
- [44]
-
A. Rager.
(2002).
"Cisco VPN Client IKE Packet Excessive Payloads Vulnerability".
SecurityFocus.
http://online.securityfocus.com/bid/5443.
-
- [45]
-
J. Pliam.
(1999).
"IKE Aggressive Mode Shared Secret Hash Leakage Weakness".
SecurityFocus.
http://online.securityfocus.com/bid/7423.
Erratum: The pr1 version of the test-material contained the following bugs.
- Exceptional element category ee-string included characters that were not encoded correctly in the test material. As a result, some test-cases were too large to send via UDP and the following kind of error messages were displayed:
ERROR error sending: Message too long
ERROR error sending: errno: 0, error: sendto failed
- The size of the UDP socket input buffer was too small. The following kind of error message was shown:
ERROR decoded 4068 octet payload, but length was 4108
- Informational exchange test-groups (prefix "info-") had a wrong ISAKMP major version number (0). Due to the bug, some implementations may have ignored these test-groups.
- The maximum number of repeats in exceptional element category ee-repeat was too high.
Erratum: The pr2 and r1 versions of the test-material contain the following bugs.
- The Encryption bit in the hash-information message is incorrectly set to 0.
- The test group phase1-aggr-hdr-sa-ke-nonce-id-i-identification-payload-protocol-id has 10 extraneous test cases.
Many of the error messages are due to the fact that IKE is communicated from port 500 to port 500. Therefore, port 500 sometimes receives packets not related to the current message exchange (test case).
ERROR error reading: Receive timed out
Explanation: The test suite did not receive a response within the specified timeout (timeout command line option). This may indicate an availability problem in the test subject if the message is valid. For a malformed message, this error most likely means that the test subject has decided not to respond.
ERROR Expected 0x00, got 0x4c (under <message-id>)
Explanation: The message-id in the ISAKMP generic header is always zero (0x00) during phase 1 negotiation (ISAKMP SA negotiation). However, during phase 2 (quick mode) it is non-zero. This error message indicates that one or more phase 1 negotiations have been completed and the test subject is trying to communicate with phase 2 messages. This can be mitigated by deleting ISAKMP SAs in the test subject.
ERROR Expected (0x00 0x00 0x01 0x04 0x37 0x80 0x5c 0x88), got (0x00 0x00 0x01 0x04 0x37 0x80 0x4e 0xa6) (under <cookie-i>)
ERROR Expected (0xf5 0xea 0xb4 0xed 0x0e 0x72 0xfe 0x05), got (0x24 0x9c 0x7c 0x47 0x90 0x3d 0x9a 0xcc) (under <cookie-r>)
Explanation: Either cookie field in the generic ISAKMP header differs from the one used in the current phase 1 negotiation (test case). One or more phase 1 negotiations have been initiated but not finished, and the test subject is trying to finish one of these prior negotiations. This can be mitigated by removing outstanding phase 1 negotiations or by limiting the phase 1 timeout/retries in the test subject.
ERROR DESede/CBC/NoPadding decyption failed due illegal input block size
Explanation: Decryption error. The test suite expects a certain kind of encrypted packet but receives an unencrypted packet or a packet encrypted with a different key.
ERROR detected a loop made up of repeats of <OCTET>, out-of-memory would result (under <nonce-r-data-main>)
Explanation: The test suite did not receive the responder's nonce data because the test subject did not send a Nonce payload, possibly because of a very malformed test case. The test suite then tries to process the uninitialized value of the responder's nonce data, which is set to an infinite number of octets (because it is a variable length field).
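The header checks behind the message-id, cookie and major-version errors explained above (and the version-0 bug from the pr1 erratum), as an added Python example that is not part of the PROTOS test-material: the 28-octet generic header layout follows RFC 2408 section 3.1, the sample cookies and message-id are the values quoted in the error messages above, and the function names are the example's own.

```python
import struct

# ISAKMP generic header (RFC 2408 section 3.1): 28 octets, network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
FLAG_ENCRYPTION = 0x01          # bit 0 of the Flags octet
XCHG_AGGRESSIVE = 4             # exchange types used in the checks below
XCHG_INFORMATIONAL = 5

def build_header(cookie_i, cookie_r, exchange, flags, message_id, length,
                 next_payload=1, version=0x10):
    """Pack a generic header; version 0x10 is ISAKMP major 1, minor 0."""
    return ISAKMP_HDR.pack(cookie_i, cookie_r, next_payload, version,
                           exchange, flags, message_id, length)

def parse_header(data):
    """Decode the fixed header; refuses datagrams shorter than the header."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("short packet: %d octets" % len(data))
    ci, cr, np, ver, xchg, flags, mid, length = ISAKMP_HDR.unpack_from(data)
    return {"cookie_i": ci, "cookie_r": cr, "next_payload": np,
            "major": ver >> 4, "minor": ver & 0x0F, "exchange": xchg,
            "encrypted": bool(flags & FLAG_ENCRYPTION),
            "message_id": mid, "length": length}

def check_phase1_reply(data, cookie_i, cookie_r=None):
    """Return the header-level mismatches for a datagram received on port 500
    while the phase 1 negotiation identified by the given cookies is in
    progress. An empty list means the packet belongs to the current exchange."""
    hdr = parse_header(data)
    errors = []
    if hdr["major"] != 1:
        errors.append("major version %d, expected 1" % hdr["major"])
    if hdr["cookie_i"] != cookie_i:
        errors.append("cookie-i differs: packet from another negotiation")
    if cookie_r is not None and hdr["cookie_r"] != cookie_r:
        errors.append("cookie-r differs: packet from another negotiation")
    if hdr["message_id"] != 0:
        # A non-zero message-id means phase 2 (quick mode) traffic, i.e. an
        # earlier phase 1 negotiation already completed on the test subject.
        errors.append("message-id 0x%x, expected 0 in phase 1" % hdr["message_id"])
    if hdr["length"] != len(data):
        errors.append("length field %d, but %d octets received"
                      % (hdr["length"], len(data)))
    return errors
```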
A survey of related ISAKMP/IKE test-suites was conducted.
- http://www.codenomicon.com/products/internet/isakmp/ : "Codenomicon ISAKMP/IKE Test Tool helps proactively eliminate security flaws in ISAKMP/IKE implementations."
- http://www.rapid7.com : "Rapid7 Striker ISAKMP Protocol Test Suite is an ISAKMP packet generation tool that automatically produces and sends invalid and/or atypical ISAKMP packets."