Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2004-0220
Last Modified 05 Sep 2008 04:37:51
Published 04 May 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0220

Summary

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Vulnerable Systems

Operating System

  • OpenBSD 3.4


References

CERT-VN - VU#223273

XF - openbsd-isakmp-integer-underflow(15629)

OPENBSD - 20040317 015: RELIABILITY FIX: March 17, 2004

BUGTRAQ - 20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities

SECTRACK - 1009468

BID - 9907

MISC - http://www.rapid7.com/advisories/R7-0018.html


Last Updated: 27 May 2016 10:38:31