FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0164

This CVE name corresponds to:

Entered     Topic
2004-03-25  racoon security association deletion vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2004-0164
Phase  Modified(20100819)

Description

KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.

References

Source   Reference
BUGTRAQ  20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
BUGTRAQ  20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
APPLE    APPLE-SA-2004-02-23
NETBSD   NetBSD-SA2004-001
OVAL     oval:org.mitre.oval:def:9737
XF       openbsd-isakmp-initialcontact-delete-sa(14118)
XF       openbsd-isakmp-invalidspi-delete-sa(14117)
BID      9416
BID      9417
OVAL     oval:org.mitre.oval:def:947