


Category:   Application (Security)  >   isakmpd
Vendors:   OpenBSD
isakmpd Payload Handling Flaw Lets Remote Users Crash the Daemon
SecurityTracker Alert ID:  1009468
SecurityTracker URL:
CVE Reference:   CVE-2004-0218, CVE-2004-0219, CVE-2004-0220, CVE-2004-0221, CVE-2004-0222
Updated:  Mar 24 2004
Original Entry Date:  Mar 17 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Some vulnerabilities were reported in the ISAKMP daemon (isakmpd) in the processing of payloads. A remote user can cause the daemon to crash.

It is reported that there are flaws in the payload validation and processing functions. A remote user can send specially crafted ISAKMP messages to cause isakmpd to crash or to loop endlessly, the report said. Some memory leaks were also reported.

The 'doi.h', 'util.h', 'ipsec.c', 'isakmp_doi.c', and 'message.c' files are affected.

Rapid7 released an advisory describing the vulnerabilities in greater detail. The vulnerabilities were detected based on testing with the Rapid7 Striker ISAKMP Protocol Test Suite.

A remote user can send a packet with a user-defined length of 0 to cause the target daemon to enter an infinite loop attempting to parse the same payload repeatedly [CVE: CVE-2004-0218].

A remote user can reportedly send a specially crafted IPSec security association (SA) packet to cause the daemon to crash [CVE: CVE-2004-0219].

A remote user can send a specially crafted ISAKMP Cert Request payload to trigger an integer underflow and a resulting memory allocation failure [CVE: CVE-2004-0220].

It is also reported that a remote user can send a specially crafted ISAKMP Delete payload that contains a large number of security protocol identifiers (SPIs) to cause the target daemon to crash [CVE: CVE-2004-0221].

Finally, a remote user can exploit some memory leaks in the processing of isakmpd packets to cause the target daemon to consume all available memory and crash [CVE: CVE-2004-0222].
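
The length checks that the zero-length, Cert Request and Delete payload descriptions above call for, as an added example; this is not OpenBSD's patch or isakmpd code. The function names and sample byte arrays are constructed here, and the field offsets follow the generic payload header and Delete payload layouts in RFC 2408.

```c
#include <stddef.h>
#include <stdint.h>

#define GENERIC_HDR_LEN  4   /* next payload, reserved, 16-bit length */
#define DELETE_FIXED_LEN 12  /* generic hdr, DOI, proto, SPI size, SPI count */

/* Constructed samples: valid two-payload chain, zero-length payload,
 * and a Delete payload declaring 0xffff SPIs while carrying one. */
const uint8_t SAMPLE_OK[]     = {13,0,0,8, 1,2,3,4, 0,0,0,4};
const uint8_t SAMPLE_ZERO[]   = {13,0,0,0, 0,0,0,4};
const uint8_t SAMPLE_DELETE[] = {0,0,0,16, 0,0,0,1, 1,4, 0xff,0xff, 1,2,3,4};

/* Walk the payload chain in buf[0..len); 'first' is the Next Payload value
 * from the ISAKMP header. Returns the payload count, or -1 if malformed. */
int walk_payloads(const uint8_t *buf, size_t len, uint8_t first)
{
    size_t off = 0;
    uint8_t type = first;
    int count = 0;
    while (type != 0) {                      /* 0 means no further payload */
        if (len - off < GENERIC_HDR_LEN)
            return -1;                       /* truncated generic header */
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        /* A length of 0 would leave 'off' unchanged, so the same payload
         * would be parsed forever; anything under 4 is rejected. */
        if (plen < GENERIC_HDR_LEN || plen > len - off)
            return -1;
        count++;
        type = buf[off];                     /* Next Payload field */
        off += plen;
    }
    return count;
}

/* Body bytes after a payload's fixed fields (5 for Cert Request), or -1 when
 * the declared length is too short; unchecked, plen - fixed wraps around. */
long payload_body_len(size_t plen, size_t fixed)
{
    return plen < fixed ? -1 : (long)(plen - fixed);
}

/* Returns 1 if the SPI count declared in a Delete payload fits inside it. */
int delete_spis_fit(const uint8_t *p, size_t plen)
{
    if (plen < DELETE_FIXED_LEN)
        return 0;
    size_t spi_size = p[9];
    size_t nspi = ((size_t)p[10] << 8) | p[11];
    return nspi * spi_size <= plen - DELETE_FIXED_LEN;
}
```
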

Impact:   A remote user can cause isakmpd to crash or enter an endless loop.
Solution:   OpenBSD has issued fixes for OpenBSD, available at:

Vendor URL:
Cause:   Boundary error, Exception handling error, Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)
Underlying OS Comments:  Affects OpenBSD 3.3 and 3.4

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 24 2004 (Original Advisory is Available) isakmpd Payload Handling Flaw Lets Remote Users Crash the Daemon
Rapid7 has issued their advisory.

 Source Message Contents

Subject:  isakmpd memory corruption vulnerability

Several bugs have been found in the ISAKMP daemon which can lead to memory 
leaks and a remote denial of service condition. An attacker can craft 
malformed payloads that can cause the isakmpd(8) process to stop 
processing requests.

The problem is fixed in -current, 3.4-stable and 3.3-stable.

Patches are available at:

