CVE-2007-2989 - Vulnerability Details - OpenCVE

The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sun	Solaris

Configuration 1 [-]

OR	cpe:2.3:o:sun:solaris:9.0::sparc:::::
	cpe:2.3:o:sun:solaris:9.0::x86:::::

No data.

References

Link	Providers
http://osvdb.org/36584
http://secunia.com/advisories/25465
http://secunia.com/advisories/25661
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1
http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm
http://www.securityfocus.com/bid/24209
http://www.securitytracker.com/id?1018134
http://www.vupen.com/english/advisories/2007/1982
http://www.vupen.com/english/advisories/2007/2188
https://exchange.xforce.ibmcloud.com/vulnerabilities/34576
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1966

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-01T10:00:00

Updated: 2024-08-07T13:57:54.895Z

Reserved: 2007-05-31T00:00:00

Link: CVE-2007-2989

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-01T10:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2989

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "25465", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25465"}, {"name": "36584", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36584"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm"}, {"name": "ADV-2007-1982", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1982"}, {"name": "solaris-iniked-dos(34576)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34576"}, {"name": "24209", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24209"}, {"name": "ADV-2007-2188", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2188"}, {"name": "102745", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1"}, {"name": "1018134", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018134"}, {"name": "25661", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25661"}, {"name": "oval:org.mitre.oval:def:1966", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1966"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2989", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "25465", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25465"}, {"name": "36584", "refsource": "OSVDB", "url": "http://osvdb.org/36584"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm"}, {"name": "ADV-2007-1982", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1982"}, {"name": "solaris-iniked-dos(34576)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34576"}, {"name": "24209", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24209"}, {"name": "ADV-2007-2188", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2188"}, {"name": "102745", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1"}, {"name": "1018134", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018134"}, {"name": "25661", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25661"}, {"name": "oval:org.mitre.oval:def:1966", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1966"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.895Z"}, "title": "CVE Program Container", "references": [{"name": "25465", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25465"}, {"name": "36584", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36584"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm"}, {"name": "ADV-2007-1982", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1982"}, {"name": "solaris-iniked-dos(34576)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34576"}, {"name": "24209", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24209"}, {"name": "ADV-2007-2188", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2188"}, {"name": "102745", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1"}, {"name": "1018134", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018134"}, {"name": "25661", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25661"}, {"name": "oval:org.mitre.oval:def:1966", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1966"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2989", "datePublished": "2007-06-01T10:00:00", "dateReserved": "2007-05-31T00:00:00", "dateUpdated": "2024-08-07T13:57:54.895Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*", "matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298."}, {"lang": "es", "value": "La biblioteca libike de Sun Solaris 9 versiones anteriores a 20070529 contiene un error l\u00f3gico referido a un puntero concreto, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio in.iked) al enviar paquetes UDP concretos con un puerto origen distinto al 500.\r\nNOTA. Esta vulnerabilidad podr\u00eda solaparse con CVE-2006-2298."}], "id": "CVE-2007-2989", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-01T10:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36584"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25465"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25661"}, {"source": "cve@mitre.org", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24209"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018134"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1982"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2188"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34576"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36584"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/25465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102745-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-227.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24209"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2188"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1966"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}