[VIM] How CVE is handling the ISAKMP mess

Steven M. Christey coley at linus.mitre.org
Fri Nov 18 15:52:53 EST 2005

The "status" fields in the CERT VU list a few vulnerable implementations
with pointers to advisories.  That's more information than in the original
NISCC advisory.

- Steve

On Fri, 18 Nov 2005, security curmudgeon wrote:

> : FYI.  For the ISAKMP PROTOS mess, I've decided to create 3 generic CANs
> : - one for "denial of service," one for format strings, and one for
> : buffer overflows - then create specific CANs for specific
> : implementations when available.  One problem with this is that most
> : vendors probably won't provide enough details to know which type of
> : issue they're vulnerable to.  Cisco just said "denial of service" but
> : one wonders if they're vulnerable to buffer overflows and are assuming
> : that their newfangled overflow protection is just a DoS, but I digress.
> OSVDB did close.. one generic entry for Denial of Service, one for
> 'Unspecified' which will cover BO/FS stuff, as we get details. From there
> we'll split it out by vendor or protocol issue.
