SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (VPN)  >   Racoon Vendors:   KAME Project
Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values
SecurityTracker Alert ID:  1009937
SecurityTracker URL:  http://securitytracker.com/id/1009937
CVE Reference:   CAN-2004-0403   (Links to External Site)
Date:  Apr 26 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 20040408a
Description:   A denial of service vulnerability was reported in Racoon. A remote user can cause Racoon to crash.

It is reported that a remote user can send a specially crafted ISAKMP header with a very large value in the length field to cause Racoon to attempt to allocate more memory than is available. As a result, the Racoon process may be terminated, the report said.

Impact:   A remote user can cause the Racoon daemon to crash.
Solution:   The vendor has issued a fix as of version 20040408a, available via CVS at:

http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181

Vendor URL:  www.kame.net/racoon/ (Links to External Site)
Cause:   Input validation error, Resource error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 26 2004 (Gentoo Issues Fix for ipsec-tools and iputils) Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values   (Kurt Lieber <klieber@gentoo.org>)
Gentoo has released a fix for ipsec-tools and iputils.
May 4 2004 (Apple Issues Fix for Mac OS X) Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values   (Apple Product Security <product-security@apple.com>)
Apple has released a fix for Mac OS X.
May 12 2004 (Red Hat Issues Fix for RH Enterprise Linux) Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values   (bugzilla@redhat.com)
Red Hat has released a fix for Red Hat Enterprise Linux 3.
May 20 2004 (Fedora Issues Fix) Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values   (Bill Nottingham <notting@redhat.com>)
Fedora has released a fix.
Jul 15 2004 (Mandrake Issues Fix) Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.



 Source Message Contents

Date:  Sun, 25 Apr 2004 01:51:53 -0400
Subject:  http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html


http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html

   Copyright 2003, 2004 Jacques Vidrine and contributors

   Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
   HTML, PDF, PostScript, RTF and so forth) with or without modification,
   are permitted provided that the following conditions are met:
   1. Redistributions of source code (VuXML) must retain the above
      copyright notice, this list of conditions and the following
      disclaimer as the first lines of this file unmodified.
   2. Redistributions in compiled form (transformed to other DTDs,
      published online in any format, converted to PDF, PostScript,
      RTF and other formats) must reproduce the above copyright
      notice, this list of conditions and the following disclaimer
      in the documentation and/or other materials provided with the
      distribution.

   THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
   THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
   BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
   OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
   OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
   OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
   EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Any other content, including layout and presentation format, is

   Copyright 2004 Jacques Vidrine and contributors

racoon remote denial of service vulnerability (ISAKMP header length field)
Affected packages

racoon 	< 	20040408a

Details
VuXML ID 	ccd698df-8e20-11d8-90d1-0020ed76ef5a
Discovery 	2004-03-31
Entry 	2004-04-14

When racoon receives an ISAKMP header, it will attempt to allocate sufficient memory for 
the entire ISAKMP message according to the header's length field. If an attacker crafts an 
ISAKMP header with a ridiculously large value in the length field, racoon may exceed 
operating system resource limits and be terminated, resulting in a denial of service.

References

CVE Name 	CAN-2004-0403
URL 	http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC