Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   isakmpd Vendors:   OpenBSD
(Another Patch is Available) OpenBSD ISAKMP Daemon (isakmpd) May Let Remote Users Delete Arbitrary Security Associations
SecurityTracker Alert ID:  1010472
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 11 2004
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Some vulnerabilities were reported in the OpenBSD ISAKMP daemon (isakmpd). A remote user may be able to cause denial of service conditions.

It is reported that the software contains flaws in the processing of delete payloads that may allow a remote user to delete IKE and IPSec security associations (SAs).

The report indicated that, in Quick Mode, isakmpd does not require message encryption. Some Main Mode messages are also affected.

It is reported that isakmpd does not use payload encryption when responding in Quick Mode when the initiator did not apply payload encryption.

It is also reported that isakmpd will accept a Phase 2 message that contains a delete payload but not a hash payload.

It is also reported that "unexpected" hash payloads are not verified.

It is also reported that when the target isakmpd server receives a delete payload during Phase 2 negotiation, the server does not validate whether the sender is the owner of the referenced SA.

Impact:   A remote user may be able to generate a message to cause a security association to be deleted by the target isakmpd process.
Solution:   The vendor has issued a patch for OpenBSD to correct a variant of this vulnerability that was reported in June 2004:

Vendor URL: (Links to External Site)
Cause:   Authentication error
Underlying OS:  UNIX (OpenBSD)
Underlying OS Comments:  3.4, 3.5

Message History:   This archive entry is a follow-up to the message listed below.
Nov 3 2003 OpenBSD ISAKMP Daemon (isakmpd) May Let Remote Users Delete Arbitrary Security Associations

 Source Message Contents

Subject:  isakmpd(8)

SECURITY FIX: Jun 10, 2004
As disclosed by Thomas Walpuski isakmpd(8) is still vulnerable to unauthorized SA 
deletion. An attacker can delete IPsec tunnels at will.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC