Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0221

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0221
Last Modified 05 Sep 2008 04:37:51
Published 04 May 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0221

Summary

isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite.

Vulnerable Systems

Operating System

  • Openbsd 3.4


References

CERT-VN - VU#524497

XF - openbsd-isakmp-delete-dos(15630)

BUGTRAQ - 20040323 R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities

MISC - http://www.rapid7.com/advisories/R7-0018.html

OPENBSD - 20040317 015: RELIABILITY FIX: March 17, 2004

SECTRACK - 1009468

BID - 9907


Last Updated: 27 May 2016 10:38:31