Racoon ISAKMP packet denial of service
| racoon-isakmp-dos (15893) |  Low Risk |
Description:
Racoon is vulnerable to a denial of service. By sending a specially-crafted ISAKMP packet containing a long length field, a remote attacker could consume all available resources, which would result in a denial of service.
Platforms Affected:
- Conectiva, Linux 10
- Gentoo, Linux
- KAME Project, Racoon prior to 20040408a
- MandrakeSoft, Mandrake Linux 10.0 AMD64
- MandrakeSoft, Mandrake Linux 10.0
- RedHat, Enterprise Linux 3 ES
- RedHat, Enterprise Linux 3 WS
- RedHat, Enterprise Linux 3 AS
Remedy:
Upgrade to the latest version of Racon (20040408a or later), available from the Racoon Web page. See References.
For Gentoo Linux:
Upgrade to the latest version of ipsec (0.3.1 or later) and iputils (021109-r3 or later), as listed in GLSA 200404-17. See References.
For Mandrake Linux:
Upgrade to the latest ipsec package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:069 : ipsec-tools for more information. See References.
Mandrake Linux 10.0: 0.2.5-0.2.100mdk or later
For SCO UnixWare 7.1.4:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.10. See References.
For Conectiva Linux 10.0:
Upgrade to the latest version of ipsec-tools (0.5.2 or later), as listed in Conectiva Linux Security Announcement CLSA-2005:971. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Denial of Service
References:
- Conectiva Linux Security Announcement CLSA-2005:971, Fixes for ipsec-tools at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000971.
- FreeBSD VuXML Web page, racoon remote denial of service vulnerability (ISAKMP header length field) at http://www.vuxml.org/freebsd/ccd698df-8e20-11d8-90d1-0020ed76ef5a.html.
- GLSA 200404-17, ipsec-tools and iputils contain a remote DoS vulnerability at http://www.linuxsecurity.com/content/view/105984/104/.
- Racoon ChangeLog Web page, RCS file: /cvsroot/kame/kame/kame/kame/racoon/isakmp.c,v at http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/isakmp.c.diff?r1=1.180&r2=1.181.
- Racoon Web page, Racoon at http://www.kame.net/dev/cvsweb2.cgi/kame/kame/kame/racoon/.
- SCO Security Advisory, SCOSA-2005.10 at ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt.
- BID-10172: KAME Racoon Malformed ISAKMP Packet Denial of Service Vulnerability
- BID-10296: KAME Racoon Remote IKE Message Denial Of Service Vulnerability
- CVE-2004-0392: racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) Security Association Next Payload and (2) RESERVED fields.
- CVE-2004-0403: Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
- GLSA-200404-17: ipsec-tools and iputils contain a remote DoS vulnerability
- MDKSA-2004:069: Updated ipsec-tools packages fix multiple vulnerabilities
- OSVDB ID: 5491: KAME Racoon ISAKMP Header Length DoS
- RHSA-2004-165: ipsec-tools security update
- SA11410: KAME Racoon ISAKMP Header Length Field Denial of Service
- SA11877: IPsec-Tools Denial of Service and Certificate Validation Vulnerabilities
- SECTRACK ID: 1009937: Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values
Reported:
Apr 14, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net