CVE Vulnerabilities

CVE-2008-1198

Published: Mar 06, 2008 | Modified: Feb 03, 2022
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:C/I:N/A:N
RedHat/V2
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V3
Ubuntu
LOW

The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.

Affected Software

Name Vendor Start Version End Version
Enterprise_linux Redhat 4.0 (including) 4.0 (including)
Enterprise_linux Redhat 3.0 (including) 3.0 (including)
Enterprise_linux Redhat 5.0 (including) 5.0 (including)
Red Hat Enterprise Linux 5 RedHat initscripts-0:8.45.42-1.el5 *

References