Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-1198 | First vendor Publication | 2008-03-06 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 7.1 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1198 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:20759 | |||
| Oval ID: | oval:org.mitre.oval:def:20759 | ||
| Title: | RHSA-2012:0312: initscripts security and bug fix update (Low) | ||
| Description: | The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0312-03 CVE-2008-1198 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | initscripts |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:23362 | |||
| Oval ID: | oval:org.mitre.oval:def:23362 | ||
| Title: | ELSA-2012:0312: initscripts security and bug fix update (Low) | ||
| Description: | The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0312-03 CVE-2008-1198 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | initscripts |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:27792 | |||
| Oval ID: | oval:org.mitre.oval:def:27792 | ||
| Title: | DEPRECATED: ELSA-2012-0312 -- initscripts security and bug fix update (low) | ||
| Description: | [8.45.42-1.0.1.el5] - Update oracle-enterprise.patch to do detection on /etc/oracle-release and /etc/enterprise-release - Patch x86_64 sysctl.conf as well as default sysctl.conf - Patch sysctl.conf to default rp_filter to loose reverse path filtering (has no effect for pre-2.6.32 kernels) [orabug 10286227] - Move hwclock into udev rules - Update oracle-enterprise.patch to fix RedHat references in arch specific sysctl.conf files in source tarball - Add oracle-enterprise.patch and update specfile - Don't attempt to re-enslave already-enslaved devices (#455537) (pknirsch@redhat.com) [8.45.42-1] - changed exchange_mode to 'main, aggressive' (#435274) [8.45.41-1] - fix check for dhcp6c pid (#568896) [8.45.40-1] - exit arping on first response (#744734) [8.45.39-1] - suppress remove error message during boot (#679998) - fix logic error with removing arp_ip_target (#745681) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0312 CVE-2008-1198 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | initscripts |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-02-21 | Name : RedHat Update for initscripts RHSA-2012:0312-03 File : nvt/gb_RHSA-2012_0312-03_initscripts.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 43144 | Red Hat Enterprise Linux IPSec ifup Aggressive Mode PSK Hash Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0312.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_initscripts_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0312.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:14:53 |
|
| 2024-11-28 12:15:07 |
|
| 2022-02-04 12:05:43 |
|
| 2021-05-04 12:07:15 |
|
| 2021-04-22 01:07:40 |
|
| 2020-05-23 00:21:24 |
|
| 2018-01-06 09:21:11 |
|
| 2017-08-08 09:23:55 |
|
| 2016-04-26 17:12:10 |
|
| 2014-02-17 10:44:09 |
|
| 2013-05-11 00:11:59 |
|
