Notified: July 02, 2002 Updated: August 06, 2002
Not Affected
Mac OS X and Mac OS X Server do not contain the vulnerability described in this report.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 03, 2002 Updated: August 13, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 08, 2002 Updated: August 09, 2002
Affected
Please see http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
The vendor has not provided us with any further information regarding this vulnerability.
According to the report, the Cisco VPN Client 3.5 running on Windows NT 4.0 SP6 contains two buffer overflows, one of which may be exploitable. In addition, the Client contains two denial-of-service conditions.
Updated: September 05, 2002
Not Affected
Clavister Firewall with VPN module: Not vulnerable. Clavister VPN Client: Not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: August 06, 2002
Not Affected
Cray, Inc. is not vulnerable as there are no IKE implementations in any of its products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: September 05, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The isakmpd port is vulnerable: -----BEGIN PGP SIGNED MESSAGE----- FreeBSD-SN-02:05 Security Notice
The FreeBSD Project Topic: security issues in ports
Announced: 2002-08-28 I. Introduction Several ports in the FreeBSD Ports Collection are affected by security
issues. These are listed below with references and affected versions. All versions given refer to the FreeBSD port/package version numbers. The listed vulnerabilities are not specific to FreeBSD unless
otherwise noted. These ports are not installed by default, nor are they ``part of
FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of
third-party applications in a ready-to-install format. FreeBSD makes
no claim about the security of these third-party applications. See
Updated: May 15, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 12, 2002 Updated: August 05, 2002
Unknown
F-Secure is investigating this potential vulnerability in F-Secure VPN+ products. A status update will be posted to CERT on 2002-08-19. For further information, please contact F-Secure-VPN-Support@F-Secure.com.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: August 12, 2002
Not Affected
Regarding VU#287771, Fujitsu's UXP/V is not affected. UXP/V does not support IKE.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: February 05, 2003
Not Affected
Source: Hewlett-Packard Company Software Security Response Team
cross reference id: SSRT2273 HP-UX - not vulnerable
HP-MPE/ix - not vulnerable
HP Tru64 UNIX - not vulnerable
HP OpenVMS - not vulnerable
HP NonStop Servers - not vulnerable To report potential security vulnerabilities in HP software, send an E-mail message to:
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: September 05, 2002
Not Affected
We've checked up on our router (Hitachi,Ltd. GR2000 series) about VU#459371 and VU#287771. Our IPsec and IKE implemantations are NOT vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: December 11, 2002
Not Affected
IBM's AIX is not vulnerable to the issues discussed in CERT Vulnerability Note VU#287771.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 03, 2002 Updated: August 12, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: August 12, 2002
Not Affected
Microsoft has conducted a thorough investigation based on this report. Microsoft products are not affected by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: June 24, 2003
Not Affected
sent on April 3, 2002 [Server Products] EWS/UP 48 Series operating system - is NOT vulnerable because it does not support IKE. [Router Products] IX 5000 Series - is NOT vulnerable. IX 1000 / 2000 Series - is NOT vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: September 05, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The isakmpd port is vulnerable: http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/security/isakmpd/Makefile?rev=1.21&content-type=text/x-cvsweb-markup
Updated: February 05, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 08, 2002 Updated: September 10, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
According to the report, PGPFreeware 7.03 running on Windows NT 4.0 SP6 appears to contain a buffer overflow. NAI has released a PGP Hotfix titled CERT-IKE-PGPHotfix20020807.zip that is available at the following location: http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp
Notified: June 20, 2002 Updated: August 12, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 17, 2002 Updated: August 20, 2002
Not Affected
The Contivity Platform, which consists of the:
The vendor has not provided us with any further information regarding this vulnerability.
According to the report, the Nortel Extranet Access Client is not vulnerable.
Notified: July 02, 2002 Updated: February 05, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 10, 2002 Updated: September 05, 2002
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
According to the report, PGPFreeware 7.03 running on Windows NT 4.0 SP6 appears to contain a buffer overflow. NAI has released a PGP Hotfix titled CERT-IKE-PGPHotfix20020807.zip that is available at the following location: http://www.nai.com/naicommon/download/upgrade/patches/patch-pgphotfix.asp
Notified: July 02, 2002 Updated: August 16, 2002
Not Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: May 13, 2002 Updated: August 20, 2002
Affected
Please see http://www.safenet-inc.com/knowledgebase/read_item.asp?ID=375
The vendor has not provided us with any further information regarding this vulnerability.
Based on tests performed by the reporter, SafeNet VPN client software is vulnerable.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: August 12, 2002
Not Affected
SGI does not currently implement IKE in their products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: April 01, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
According to the release notes, SonicWALL firmware 6.4.0.1 addresses this issue.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 12, 2002 Updated: August 12, 2002
Not Affected
SSH Communications Security's products are not impacted by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: August 05, 2002
Not Affected
The Solaris in.iked daemon for Internet Key Exchange (IKE) [new to Solaris 9] and the SunScreen 3.2 ss_iked daemon for Internet Key Exchange (IKE) are not vulnerable to the issues described in the report. Both IKE daemons do not implement aggressive mode and therefore the vulnerabilities described in this report do not affect the Sun IKE daemons, in.iked and ss_iked, both daemons reject the response packet immediately.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: August 12, 2002
Not Affected
We reviewed critical parts of pluto (the daemon handling IKE) such as the code responsible for assembling and parsing IKE packets. We found no overflows or other bugs which could have security impacts.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 02, 2002 Updated: July 03, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.