Racoon ISAKMP packet denial of service

racoon-isakmp-dos (15893) The risk level is classified as MediumMedium Risk

Description:

Racoon is vulnerable to a denial of service. By sending a specially-crafted ISAKMP packet containing a long length field, a remote attacker could consume all available resources, which would result in a denial of service.


Consequences:

Denial of Service

Remedy:

Upgrade to the latest version of Racon (20040408a or later), available from the Racoon Web page. See References.

For Gentoo Linux:
Upgrade to the latest version of ipsec (0.3.1 or later) and iputils (021109-r3 or later), as listed in GLSA 200404-17. See References.

For Mandrake Linux:
Upgrade to the latest ipsec package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:069 : ipsec-tools for more information. See References.

Mandrake Linux 10.0: 0.2.5-0.2.100mdk or later

For SCO UnixWare 7.1.4:
Upgrade to the appropriate fixed binaries, as listed in SCO Security Advisory SCOSA-2005.10. See References.

For Conectiva Linux 10.0:
Upgrade to the latest version of ipsec-tools (0.5.2 or later), as listed in Conectiva Linux Security Announcement CLSA-2005:971. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

  • Conectiva Linux Security Announcement CLSA-2005:971: Fixes for ipsec-tools.
  • FreeBSD VuXML Web page: racoon remote denial of service vulnerability (ISAKMP header length field).
  • GLSA 200404-17: ipsec-tools and iputils contain a remote DoS vulnerability.
  • Racoon ChangeLog Web page: RCS file: /cvsroot/kame/kame/kame/kame/racoon/isakmp.c,v.
  • Racoon Web page: Racoon.
  • SCO Security Advisory: SCOSA-2005.10.
  • BID-10172: KAME Racoon Malformed ISAKMP Packet Denial of Service Vulnerability
  • BID-10296: KAME Racoon Remote IKE Message Denial Of Service Vulnerability
  • CVE-2004-0392: racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) Security Association Next Payload and (2) RESERVED fields.
  • CVE-2004-0403: Racoon before 20040408a allows remote attackers to cause a denial of service (memory consumption) via an ISAKMP packet with a large length field.
  • GLSA-200404-17: ipsec-tools and iputils contain a remote DoS vulnerability
  • MDKSA-2004:069: Updated ipsec-tools packages fix multiple vulnerabilities
  • OSVDB ID: 5491: KAME Racoon ISAKMP Header Length DoS
  • RHSA-2004-165: ipsec-tools security update
  • SA11410: KAME Racoon ISAKMP Header Length Field Denial of Service
  • SA11877: IPsec-Tools Denial of Service and Certificate Validation Vulnerabilities
  • SECTRACK ID: 1009937: Racoon Can Be Crashed By Remote Users Sending Large ISAKMP Length Values

Platforms Affected:

  • Conectiva Linux 10
  • Gentoo Linux
  • KAME Project Racoon prior to 20040408a
  • MandrakeSoft Mandrake Linux 10.0
  • MandrakeSoft Mandrake Linux 10.0 AMD64
  • RedHat Enterprise Linux 3 ES
  • RedHat Enterprise Linux 3 WS
  • RedHat Enterprise Linux 3 AS

Reported:

Apr 14, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page