admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'cna/certcc/update' of https://github.com/CERTCC/cvelist

Browse Source
This commit is contained in:
CVE Team 2018-09-06 16:36:17 -04:00
commit 313422c5a0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 166 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
2018/5xxx/CVE-2018-5389.json
View File

@ -1,18 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5389",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5389",
"STATE": "PUBLIC",
"TITLE": "Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Key Exchange Protocol",
"version": {
"version_data": [
{
"affected": "=",
"version_name": "Version 1",
"version_value": "Version 1 Main Mode"
}
]
}
}
]
},
"vendor_name": "Internet Engineering Task Force"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Martin Grothe, Joerg Schwenk, and Dennis Felsch of the Ruhr-University Bochum, and Adam Czubak and Marcin Szymanek of the University of Opole for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. \n\nThis vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-323"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#857035",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/857035"
},
{
"name": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html",
"refsource": "MISC",
"url": "https://web-in-security.blogspot.com/2018/08/practical-dictionary-attack-on-ipsec-ike.html"
},
{
"name": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf",
"refsource": "MISC",
"url": "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-felsch.pdf"
},
{
"name": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key",
"refsource": "MISC",
"url": "https://blogs.cisco.com/security/great-cipher-but-where-did-you-get-that-key"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

95
2018/5xxx/CVE-2018-5391.json
View File

@ -1,18 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5391",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2018-5391",
"STATE": "PUBLIC",
"TITLE": "The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"affected": ">=",
"version_name": "3.9",
"version_value": "3.9"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Juha-Matti Tilli (Aalto University, Department of Communications and Networking / Nokia Bell Labs) for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. \n\nVarious vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#641765",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/641765"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}