ID CVE-2004-0164
Summary KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
References
Vulnerable Configurations
  • cpe:2.3:a:kame:racoon:all_versions
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
NONE PARTIAL NONE
exploit-db via4
description KAME Racoon "Initial Contact" SA Deletion Vulnerability. CVE-2004-0164. DoS exploit for FreeBSD platform
id EDB-ID:23540
last seen 2016-02-02
modified 2004-01-14
published 2004-01-14
reporter Thomas Walpuski
source https://www.exploit-db.com/download/23540/
title KAME Racoon "Initial Contact" SA Deletion Vulnerability
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_RACOON_20040116A.NASL
    description The following package needs to be updated: racoon
    last seen 2016-09-26
    modified 2011-10-03
    plugin id 12607
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12607
    title FreeBSD : racoon security association deletion vulnerability (162)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_739BB51D7E8211D896450020ED76EF5A.NASL
    description A remote attacker may use specially crafted IKE/ISAKMP messages to cause racoon to delete security associations. This could result in denial-of-service or possibly cause sensitive traffic to be transmitted in plaintext, depending upon configuration.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 38002
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38002
    title FreeBSD : racoon security association deletion vulnerability (739bb51d-7e82-11d8-9645-0020ed76ef5a)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-165.NASL
    description An updated ipsec-tools package that fixes vulnerabilities in racoon (the ISAKMP daemon) is now available. IPSEC uses strong cryptography to provide both authentication and encryption services. With versions of ipsec-tools prior to 0.2.3, it was possible for an attacker to cause unauthorized deletion of SA (Security Associations). The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0164 to this issue. With versions of ipsec-tools prior to 0.2.5, the RSA signature on X.509 certificates was not properly verified when using certificate-based authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0155 to this issue. When ipsec-tools receives an ISAKMP header, it will attempt to allocate sufficient memory for the entire ISAKMP message according to the header's length field. If an attacker crafts an ISAKMP header with an extremely large value in the length field, racoon may exceed operating system resource limits and be terminated, resulting in a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0403 to this issue. Users of IPSEC should upgrade to this updated package, which contains ipsec-tools version 0.25 along with a security patch for CVE-2004-0403 which resolves all these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12488
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12488
    title RHEL 3 : ipsec-tools (RHSA-2004:165)
oval via4
  • accepted 2010-09-20T04:00:47.070-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    • name Jonathan Baker
      organization The MITRE Corporation
    description KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
    family unix
    id oval:org.mitre.oval:def:947
    status accepted
    submitted 2004-05-12T12:00:00.000-04:00
    title KAME IKE Daemon Improper Hash Value Handling
    version 36
  • accepted 2013-04-29T04:21:44.817-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
    family unix
    id oval:org.mitre.oval:def:9737
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
    version 23
redhat via4
rpms ipsec-tools-0:0.2.5-0.4
refmap via4
apple APPLE-SA-2004-02-23
bid
  • 9416
  • 9417
bugtraq
  • 20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
  • 20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
netbsd NetBSD-SA2004-001
xf
  • openbsd-isakmp-initialcontact-delete-sa(14118)
  • openbsd-isakmp-invalidspi-delete-sa(14117)
Last major update 17-10-2016 - 22:41
Published 03-03-2004 - 00:00
Last modified 10-10-2017 - 21:29