CVE-2008-1198

EUVD-2008-1207
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_linux
4.0
redhatenterprise_linux
3.0
redhatenterprise_linux
5.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ipsec-tools
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
not-affected
References
http://secunia.com/advisories/48045
http://www.ernw.de/download/pskattack.pdf
http://www.securitytracker.com/id?1019563
https://bugzilla.redhat.com/show_bug.cgi?id=435274
https://exchange.xforce.ibmcloud.com/vulnerabilities/41053
http://secunia.com/advisories/48045
http://www.ernw.de/download/pskattack.pdf
http://www.securitytracker.com/id?1019563
https://bugzilla.redhat.com/show_bug.cgi?id=435274
https://exchange.xforce.ibmcloud.com/vulnerabilities/41053