FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

isakmpd payload handling denial-of-service vulnerabilities

Affected packages
isakmpd <= 20030903

Details

VuXML ID b7cb488c-8349-11d8-a41f-0020ed76ef5a
Discovery 2004-03-17
Entry 2004-03-31
Modified 2004-09-14

Numerous errors in isakmpd's input packet validation lead to denial-of-service vulnerabilities. From the Rapid7 advisory:

The ISAKMP packet processing functions in OpenBSD's isakmpd daemon contain multiple payload handling flaws that allow a remote attacker to launch a denial of service attack against the daemon.

Carefully crafted ISAKMP packets will cause the isakmpd daemon to attempt out-of-bounds reads, exhaust available memory, or loop endlessly (consuming 100% of the CPU).

References

CVE Name CVE-2004-0218
CVE Name CVE-2004-0219
CVE Name CVE-2004-0220
CVE Name CVE-2004-0221
CVE Name CVE-2004-0222
URL http://www.openbsd.org/errata34.html
URL http://www.rapid7.com/advisories/R7-0018.html