SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   IPSec Vendors:   OpenBSD
OpenBSD isakmpd Error in pfkeyv2_acquire() Lets Local Users Deny Service
SecurityTracker Alert ID:  1012511
SecurityTracker URL:  http://securitytracker.com/id/1012511
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 14 2004
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): OpenBSD 3.4, 3.5, 3.6
Description:   A vulnerability was reported in OpenBSD in isakmpd(8). A local user can trigger a kernel panic.

The vendor reported that if the target system is running isakmpd(8), a local user can set ipsec(4) credentials on a socket to corrupt kernel memory and cause the system to panic.

The flaw resides in the pfkeyv2_acquire() function in 'sys/net/pfkeyv2.c'.

The vendor credits Stefan Miltchev with reporting this flaw.

Impact:   A local user can cause a kernel panic.
Solution:   The vendor has issued a fix in OpenBSD-current and the OpenBSD 3.6, 3.5, and 3.4 -stable branches.

Patches are also available for OpenBSD 3.6, 3.5 and 3.4:

ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/035_pfkey.patch

Vendor URL:  www.openbsd.org/ (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  kernel heap overflow in IPsec


On systems running isakmpd(8) it is possible for a local user to
cause kernel memory corruption and system panic by setting ipsec(4)
credentials on a socket.  Stopping isakmpd(8) does not prevent the
memory corruption.

This has been fixed in OpenBSD-current, and the OpenBSD 3.6, 3.5,
and 3.4 -stable branches.  Patches are also available for OpenBSD
3.6, 3.5 and 3.4:

    ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch
    ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/024_pfkey.patch
    ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.4/common/035_pfkey.patch

Thanks to Stefan Miltchev for reporting the problem.

-markus

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC