royhills / ike-scan

The IKE Scanner
GNU General Public License v3.0

Can ike-scan be used to detect the cisco asa ike buffer overflow? #17

Open dimpol opened 8 years ago

dimpol commented 8 years ago

Hi, any ideas on how ike-scan can be configured to detect the Cisco ASA IKE buffer overflow?

royhills commented 8 years ago

Do you have the CVE number or some reference to the vulnerability?

dimpol commented 8 years ago

https://blog.exodusintel.com/2016/02/10/firewall-hacking/ CVE-2016-1287. I would just like to verify that the vulnerability is present somehow... And thank you very much for checking my request!

royhills commented 8 years ago

Thanks for the link.

I think the ike-scan code could be adapted to check for this, but the current options can't generate a packet that will check this.

The exploit relies on the server mishandling IKE fragmentation, which isn't something that ike-scan does at the moment. It would be possible to add this functionality, and the IKE packet generation code is in isakmp.c.

But you may find it easier to craft a packet using scapy or another packet crafting tool.

If I get time I may look into this, but I don't spend a lot of time working on ike-scan nowadays. Of course, a pull request would be gratefully received :-)
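The comment above says the missing piece is IKE fragmentation: ike-scan's options cannot emit a Main Mode message split across Cisco-style fragmentation payloads, and the reply suggests crafting the packets elsewhere. The following is an added example, not code from ike-scan, from the Exodus write-up or from anyone in this thread. It builds a fragmented IKEv1 message with plain `struct` (no scapy dependency) and reassembles it with the bounds checks a receiver should apply. The payload layout it assumes (payload type 132 carrying a 2-byte fragment ID, 1-byte fragment number and 1-byte flags, with 0x01 marking the last fragment) is taken from public descriptions of the Cisco/Microsoft IKEv1 fragmentation extension; the cookies and data are constructed test values. It only frames and parses; it does not send anything and does not attempt to trigger the overflow.

```python
import struct

# ISAKMP header, RFC 2408 section 3.1: initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, total length.
ISAKMP_HDR = "!8s8sBBBBII"
ISAKMP_HDR_LEN = 28
PAYLOAD_NONE = 0
PAYLOAD_FRAGMENT = 132        # Cisco/Microsoft IKEv1 fragmentation payload (assumed layout, see lead-in)
EXCH_IDENTITY_PROTECT = 2     # Main Mode
IKEV1_VERSION = 0x10          # major 1, minor 0
FRAG_FLAG_LAST = 0x01


def build_isakmp(init_cookie, resp_cookie, next_payload, exchange_type, payload_bytes, msg_id=0, flags=0):
    """Prepend a 28-byte ISAKMP header whose length field covers header plus payloads."""
    length = ISAKMP_HDR_LEN + len(payload_bytes)
    return struct.pack(ISAKMP_HDR, init_cookie, resp_cookie, next_payload,
                       IKEV1_VERSION, exchange_type, flags, msg_id, length) + payload_bytes


def build_fragment_payload(frag_id, frag_num, last, data):
    """Generic payload header (next, reserved, length) + fragment id/number/flags + data."""
    length = 4 + 4 + len(data)
    frag_flags = FRAG_FLAG_LAST if last else 0
    return struct.pack("!BBHHBB", PAYLOAD_NONE, 0, length, frag_id, frag_num, frag_flags) + data


def fragment_message(init_cookie, data, frag_size, frag_id=1):
    """Split `data` into ISAKMP packets, each carrying exactly one fragment payload."""
    chunks = [data[i:i + frag_size] for i in range(0, len(data), frag_size)] or [b""]
    pkts = []
    for num, chunk in enumerate(chunks, start=1):
        frag = build_fragment_payload(frag_id, num, num == len(chunks), chunk)
        pkts.append(build_isakmp(init_cookie, b"\x00" * 8, PAYLOAD_FRAGMENT,
                                 EXCH_IDENTITY_PROTECT, frag))
    return pkts


def parse_isakmp(pkt):
    """Return (header dict, [(payload type, body), ...]); every length is checked against the buffer."""
    if len(pkt) < ISAKMP_HDR_LEN:
        raise ValueError("short ISAKMP header")
    fields = struct.unpack(ISAKMP_HDR, pkt[:ISAKMP_HDR_LEN])
    hdr = dict(zip(("icookie", "rcookie", "next", "version", "exchange", "flags", "msgid", "length"), fields))
    if hdr["length"] != len(pkt):
        raise ValueError("header length mismatch")
    payloads, off, ptype = [], ISAKMP_HDR_LEN, hdr["next"]
    while ptype != PAYLOAD_NONE:
        if off + 4 > len(pkt):
            raise ValueError("truncated payload header")
        nxt, _reserved, plen = struct.unpack("!BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > len(pkt):
            raise ValueError("payload length out of bounds")
        payloads.append((ptype, pkt[off + 4:off + plen]))
        off, ptype = off + plen, nxt
    return hdr, payloads


def reassemble(pkts, max_total=65535):
    """Rebuild the original message from fragment payloads, in any arrival order.

    Rejects mixed fragment IDs, duplicate or zero fragment numbers, gaps in the
    sequence, a missing last-fragment flag, and a reassembled size over max_total.
    """
    frags, frag_id, last_num = {}, None, None
    for pkt in pkts:
        _hdr, payloads = parse_isakmp(pkt)
        for ptype, body in payloads:
            if ptype != PAYLOAD_FRAGMENT:
                continue
            if len(body) < 4:
                raise ValueError("short fragment payload")
            fid, num, fflags = struct.unpack("!HBB", body[:4])
            if frag_id is None:
                frag_id = fid
            elif fid != frag_id:
                raise ValueError("fragment id mismatch")
            if num == 0 or num in frags:
                raise ValueError("invalid or duplicate fragment number")
            frags[num] = body[4:]
            if fflags & FRAG_FLAG_LAST:
                last_num = num
            if sum(len(v) for v in frags.values()) > max_total:
                raise ValueError("reassembled size exceeds limit")
    if last_num is None or set(frags) != set(range(1, last_num + 1)):
        raise ValueError("incomplete fragment set")
    return b"".join(frags[i] for i in range(1, last_num + 1))


if __name__ == "__main__":
    # Constructed sample: a 100-byte body split into 40-byte fragments.
    packets = fragment_message(b"\x11" * 8, b"A" * 100, 40)
    print(len(packets), "fragments,", [len(p) for p in packets], "bytes each")
    print("round trip ok:", reassemble(packets) == b"A" * 100)
```

To put this on the wire you would `sendto` each element of `packets` to UDP port 500 of the target with a plain socket; the receiver side shows what a scanner that wanted to observe a peer's fragment handling would need to validate before trusting any length field it receives.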

dimpol commented 8 years ago

Thank you very much for your time to check this out. I think I may give isakmp.c a try...

claudijd commented 8 years ago

@dimpol another packet crafting option is PacketFu - https://github.com/packetfu/packetfu (a scapy-like alternative that is supported in Metasploit)