Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   isakmpd Vendors:   OpenBSD
(Vendor Issues Fix) OpenBSD ISAKMP Daemon (isakmpd) May Let Remote Users Delete Arbitrary Security Associations
SecurityTracker Alert ID:  1008709
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jan 17 2004
Original Entry Date:  Jan 14 2004
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Some vulnerabilities were reported in the OpenBSD ISAKMP daemon (isakmpd). A remote user may be able to cause denial of service conditions.

It is reported that the software contains flaws in the processing of delete payloads that may allow a remote user to delete IKE and IPSec security associations (SAs).

The report indicated that, in Quick Mode, isakmpd does not require message encryption. Some Main Mode messages are also affected.

It is reported that isakmpd does not use payload encryption when responding in Quick Mode when the initiator did not apply payload encryption.

It is also reported that isakmpd will accept a Phase 2 message that contains a delete payload but not a hash payload.

It is also reported that "unexpected" hash payloads are not verified.

It is also reported that when the target isakmpd server receives a delete payload during Phase 2 negotiation, the server does not validate whether the sender is the owner of the referenced SA.

Impact:   A remote user may be able to generate a message to cause a security association to be deleted by the target isakmpd process.
Solution:   The vendor has issued the following source code patch for OpenBSD 3.3 and 3.4:

Vendor URL: (Links to External Site)
Cause:   Authentication error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.3, 3.4

Message History:   This archive entry is a follow-up to the message listed below.
Nov 3 2003 OpenBSD ISAKMP Daemon (isakmpd) May Let Remote Users Delete Arbitrary Security Associations

 Source Message Contents

Subject:  OpenBSD isakmpd(8) Fix

 > 009: SECURITY FIX: January 13, 2004
 > Several message handling flaws in isakmpd(8) have been reported by Thomas Walpuski.
 > These allow an attacker to delete arbitrary SAs. The patch also includes a reliability
 > fix for a filedescriptor leak that causes problems when a crypto card is installed.
 > A source code patch exists which remedies these problems.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC