Buffer Overflow in Symantec Dynamic VPN Services Affects Enterprise Firewall and Security Appliances
CVE-2005-3768

Currently unrated

Key Information:

Vendor: Symantec
Status: Enterprise Firewall
Vendor: CVE Published:; 23 November 2005

What is CVE-2005-3768?

A buffer overflow vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation within Symantec Dynamic VPN Services allows remote attackers to send crafted IKE packets. This could lead to a denial of service or potentially enable the execution of arbitrary code. The threat is demonstrated by the PROTOS ISAKMP Test Suite that targets IKEv1 protocols, highlighting the severity of exploiting this flaw across various Symantec security products.

References

http://securitytracker.com/id?1015247

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/17684

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2005/2517

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2005
Vulnerability Reserved
Nov 22, 2005