CVE-2005-3674
Description
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*+ 2 more
- cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
- (no CPE)range: 9 and 10
Patches
Vulnerability mechanics
Root cause
"The IKEv1 implementation in libike fails to properly handle malformed IKE packets, leading to a crash of the in.iked daemon."
Attack vector
An unauthenticated remote attacker can send specially crafted IKE packets to a vulnerable Solaris 9 or 10 system running in.iked. The attack is demonstrated by the PROTOS ISAKMP Test Suite for IKEv1, which generates malformed IKE packets that trigger a crash. No authentication or prior access is required, making the attack vector purely network-based.
Affected code
The vulnerability resides in the IKEv1 implementation within the libike library on Sun Solaris 9 and 10, specifically in the in.iked daemon. The advisory does not specify exact function names or file paths.
What the fix does
The advisory does not include a patch or detailed remediation for Solaris. It only notes that the issue was demonstrated by the PROTOS ISAKMP Test Suite and that the exact CVE overlap is unclear. No fix is published in this bundle.
Preconditions
- configThe target must be running Sun Solaris 9 or 10 with the libike library and in.iked daemon active.
- networkThe attacker must be able to send IP packets to the target's IKE port (UDP 500).
Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
9- sunsolve.sun.com/search/document.donvdVendor Advisory
- www.kb.cert.org/vuls/id/226364nvdThird Party AdvisoryUS Government Resource
- www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdfnvdVendor Advisory
- jvn.jp/niscc/NISCC-273756/index.htmlnvd
- secunia.com/advisories/17554nvd
- securitytracker.com/idnvd
- www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/nvd
- www.securityfocus.com/bid/15420nvd
- www.vupen.com/english/advisories/2005/2417nvd
News mentions
0No linked articles in our index yet.