Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values
|
|
SecurityTracker Alert ID: 1009937 |
|
SecurityTracker URL: http://securitytracker.com/id/1009937
|
|
CVE Reference:
CAN-2004-0403
(Links to External Site)
|
Date: Apr 26 2004
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): prior to 20040408a
|
Description:
A denial of service vulnerability was reported in Racoon. A remote user can cause Racoon to crash.
It is reported that a remote user can send a specially crafted ISAKMP header with a very large value in the length field to cause Racoon to attempt to allocate more memory than is available. As a result, the Racoon process may be terminated, the report said.
|
Impact:
A remote user can cause the Racoon daemon to crash.
|
Solution:
The vendor has issued a fix as of version 20040408a, available via CVS at:
http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181
|
Vendor URL: www.kame.net/racoon/ (Links to External Site)
|
Cause:
Input validation error, Resource error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Sun, 25 Apr 2004 01:51:53 -0400
Subject: http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html
|
http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html
Copyright 2003, 2004 Jacques Vidrine and contributors
Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
HTML, PDF, PostScript, RTF and so forth) with or without modification,
are permitted provided that the following conditions are met:
1. Redistributions of source code (VuXML) must retain the above
copyright notice, this list of conditions and the following
disclaimer as the first lines of this file unmodified.
2. Redistributions in compiled form (transformed to other DTDs,
published online in any format, converted to PDF, PostScript,
RTF and other formats) must reproduce the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Any other content, including layout and presentation format, is
Copyright 2004 Jacques Vidrine and contributors
racoon remote denial of service vulnerability (ISAKMP header length field)
Affected packages
racoon < 20040408a
Details
VuXML ID ccd698df-8e20-11d8-90d1-0020ed76ef5a
Discovery 2004-03-31
Entry 2004-04-14
When racoon receives an ISAKMP header, it will attempt to allocate sufficient memory for
the entire ISAKMP message according to the header's length field. If an attacker crafts an
ISAKMP header with a ridiculously large value in the length field, racoon may exceed
operating system resource limits and be terminated, resulting in a denial of service.
References
CVE Name CAN-2004-0403
URL http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181
|
|
Go to the Top of This SecurityTracker Archive Page
|
