SecurityTracker.com
Category:   Application (Security)  >   isakmpd
Vendors:   OpenBSD
(Partial Fix is Available) Re: OpenBSD ISAKMP Daemon (isakmpd) May Let Remote Users Delete Arbitrary Security Associations
SecurityTracker Alert ID:  1008116
SecurityTracker URL:  http://securitytracker.com/id/1008116
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 7 2003
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Some vulnerabilities were reported in the OpenBSD ISAKMP daemon (isakmpd). A remote user may be able to cause denial of service conditions.

It is reported that the software contains flaws in the processing of delete payloads that may allow a remote user to delete IKE and IPSec security associations (SAs).

The report indicated that, in Quick Mode, isakmpd does not require message encryption. Some Main Mode messages are also affected.

It is reported that, when responding in Quick Mode, isakmpd does not use payload encryption if the initiator did not apply payload encryption.

It is also reported that isakmpd will accept a Phase 2 message that contains a delete payload but not a hash payload.

It is also reported that "unexpected" hash payloads are not verified.

It is also reported that when the target isakmpd server receives a delete payload during Phase 2 negotiation, the server does not validate whether the sender is the owner of the referenced SA.

Impact:   A remote user may be able to generate a message to cause a security association to be deleted by the target isakmpd process.
Solution:   It is reported that the vendor issued a fix for the Quick Mode encryption flaws on September 2, 2003 and for the hashed payload flaw on November 6, 2003, available via CVS.

No solution for the remaining flaws was available at the time of this entry.

Vendor URL:  www.openbsd.org/
Cause:   Authentication error
Underlying OS:  UNIX (OpenBSD)
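
The checks the description reports as missing (encryption required, a hash payload ahead of any delete payload, the hash verified, the sender owning the referenced SA), written out as an added example; this is not isakmpd code. It assumes the payload chain has already been decrypted and that the caller performs the hash verification; `check_delete`, `sample_msg`, `sender_id` and `owner_id` are hypothetical names introduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN        28    /* fixed ISAKMP header (RFC 2408) */
#define FLAG_ENCRYPTED 0x01  /* E bit in the header flags byte */
#define P_HASH         8     /* payload type: Hash */
#define P_DELETE       12    /* payload type: Delete */

enum verdict { ACCEPT, BAD_FORMAT, CLEARTEXT, NO_HASH, BAD_HASH, NOT_OWNER };

/* msg: header plus the already-decrypted payload chain.
 * hash_ok: result of the caller's HASH verification (not done here).
 * sender_id / owner_id: hypothetical ids for the authenticated peer and for
 * the peer that negotiated the SA named in the delete payload. */
enum verdict check_delete(const uint8_t *msg, size_t len, int hash_ok,
                          uint32_t sender_id, uint32_t owner_id)
{
    if (len < HDR_LEN) return BAD_FORMAT;
    if (!(msg[19] & FLAG_ENCRYPTED)) return CLEARTEXT;
    uint8_t type = msg[16];              /* type of the first payload */
    size_t off = HDR_LEN;
    int hash_first = 0, has_delete = 0;
    while (type != 0) {                  /* walk the generic payload headers */
        if (len - off < 4) return BAD_FORMAT;
        size_t plen = ((size_t)msg[off + 2] << 8) | msg[off + 3];
        if (plen < 4 || plen > len - off) return BAD_FORMAT;
        if (type == P_HASH && off == HDR_LEN) hash_first = 1;
        if (type == P_DELETE) has_delete = 1;
        type = msg[off];                 /* next-payload field */
        off += plen;
    }
    if (!has_delete) return ACCEPT;      /* nothing for this check to gate */
    if (!hash_first) return NO_HASH;
    if (!hash_ok) return BAD_HASH;
    return sender_id == owner_id ? ACCEPT : NOT_OWNER;
}

/* Constructed sample (buf: 64 bytes): header, optional HASH, then DELETE. */
size_t sample_msg(uint8_t *buf, uint8_t flags, int with_hash)
{
    size_t n = HDR_LEN;
    memset(buf, 0, 64);
    buf[16] = with_hash ? P_HASH : P_DELETE;
    buf[19] = flags;
    if (with_hash) { buf[n] = P_DELETE; buf[n + 3] = 8; n += 8; }
    buf[n + 3] = 16;                     /* DELETE: next = 0, length = 16 */
    return n + 16;
}
```

Each non-`ACCEPT` verdict corresponds to one of the reported conditions, so a rejected message can be logged with the specific reason.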

Message History:   This archive entry is a follow-up to the message listed below.
Nov 3 2003 OpenBSD ISAKMP Daemon (isakmpd) May Let Remote Users Delete Arbitrary Security Associations



 Source Message Contents

Subject:  Re: multiple payload handling flaws in isakmpd


information see http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/
{exchange.c.diff?r1=1.86&r2=1.87,exchange.c.diff?r1=1.86&r2=1.87}.

The issue described in section 2.4 still remains unfixed. As this is
crucial for the feasibility of the attack mentioned in section 4.2, the
whole thing is still quite bad.

Thomas Walpuski

1 - So far 2.1 was fixed for phase 2 exchanges only.

 
 

