{"id": "CVE-2004-0219", "bulletinFamily": "NVD", "title": "CVE-2004-0219", "description": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.", "published": "2004-05-04T00:00:00", "modified": "2017-07-10T21:29:58", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0219", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/9907", "http://marc.info/?l=bugtraq&m=108008530028019&w=2", "http://www.rapid7.com/advisories/R7-0018.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/15628", "http://www.openbsd.org/errata.html", "http://www.securitytracker.com/alerts/2004/Mar/1009468.html", "http://www.kb.cert.org/vuls/id/785945"], "cvelist": ["CVE-2004-0219"], "type": "cve", "lastseen": "2017-07-11T11:14:23", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:openbsd:openbsd:3.4"], "cvelist": ["CVE-2004-0219"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.", "edition": 2, "enchantments": {}, "hash": "05c4e2d8a9f5d2d673837b8a2e80504e0f265a775dac86ea4a51a223a14d71f0", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6791c3062eeea7e1e552bed899183a61", "key": "href"}, {"hash": "67a96488bb26d45b1bdd22bf98fdd68c", "key": "published"}, {"hash": "d24d73dfffda87a71e12d2e83d768757", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "83e99b5a5ea10575e80fd58a82b6d79c", "key": "cpe"}, {"hash": "c64316171b1ce1168f25b72166d9cad0", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "aa05a57f85891db528d774bdd7906490", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "881426a57cf08fb2abd5b5de3715bb0b", "key": "references"}, {"hash": "fe830928618c2185b83bb2eac3de2791", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0219", "id": "CVE-2004-0219", "lastseen": "2017-04-18T15:50:11", "modified": "2016-10-17T22:42:01", "objectVersion": "1.2", "published": "2004-05-04T00:00:00", "references": ["http://www.securityfocus.com/bid/9907", "http://marc.info/?l=bugtraq&m=108008530028019&w=2", "http://www.rapid7.com/advisories/R7-0018.html", "http://www.openbsd.org/errata.html", "http://www.securitytracker.com/alerts/2004/Mar/1009468.html", "http://www.kb.cert.org/vuls/id/785945", "http://xforce.iss.net/xforce/xfdb/15628"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-0219", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:50:11"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/o:openbsd:openbsd:3.4"], "cvelist": ["CVE-2004-0219"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite.", "edition": 1, "hash": "d2d9fe14be1fae704366a2c7d8217ba86f180f72b7221b59916330e8673d336f", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6791c3062eeea7e1e552bed899183a61", "key": "href"}, {"hash": "67a96488bb26d45b1bdd22bf98fdd68c", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "d24d73dfffda87a71e12d2e83d768757", "key": "title"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "195724e35aa4f03e45378ec72aaf4d1d", "key": "modified"}, {"hash": "aa4e6c370f298fe2137900d006af316d", "key": "references"}, {"hash": "83e99b5a5ea10575e80fd58a82b6d79c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "aa05a57f85891db528d774bdd7906490", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "fe830928618c2185b83bb2eac3de2791", "key": "cvelist"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0219", "id": "CVE-2004-0219", "lastseen": "2016-09-03T04:19:40", "modified": "2008-09-10T15:25:31", "objectVersion": "1.2", "published": "2004-05-04T00:00:00", "references": ["http://www.securityfocus.com/bid/9907", "http://www.rapid7.com/advisories/R7-0018.html", "http://marc.theaimsgroup.com/?l=bugtraq&m=108008530028019&w=2", "http://www.openbsd.org/errata.html", "http://www.securitytracker.com/alerts/2004/Mar/1009468.html", "http://www.kb.cert.org/vuls/id/785945", "http://xforce.iss.net/xforce/xfdb/15628"], "reporter": "NVD", "scanner": [], "title": "CVE-2004-0219", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T04:19:40"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "83e99b5a5ea10575e80fd58a82b6d79c"}, {"key": "cvelist", "hash": "fe830928618c2185b83bb2eac3de2791"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "aa05a57f85891db528d774bdd7906490"}, {"key": "href", "hash": "6791c3062eeea7e1e552bed899183a61"}, {"key": "modified", "hash": "09903e0f0df76b02bf39e07462824130"}, {"key": "published", "hash": "67a96488bb26d45b1bdd22bf98fdd68c"}, {"key": "references", "hash": "4d8302ea463157b4a8f8c161caf2d777"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "d24d73dfffda87a71e12d2e83d768757"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ffcc23c573c8e4a7c27e3213162746705cb5f565f436e391862023d8f180464e", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "cpe": ["cpe:/o:openbsd:openbsd:3.4"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"result": {"cert": [{"id": "VU:785945", "type": "cert", "title": "isakmpd crashes when handling ISAKMP packets with malformed \"Security Association Payload\"", "description": "### Overview\n\nA vulnerability exists in the `isakmpd` that could allow a remote attacker to cause a denial of service.\n\n### Description\n\nThe OpenBSD [`isakmpd`](<http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html>) establishes security associations for encrypted and authenticated (IPsec) network traffic. It implements the Internet Security Association and Key Management Protocol [(ISAKMP)](<http://www.ietf.org/rfc/rfc2408.txt>) and Internet Key Exchange [(IKE)](<http://www.ietf.org/rfc/rfc2409.txt>) protocol. The ISAKMP standard specifies: \n\nThe Security Association Payload is used to negotiate security attributes and to indicate the Domain of Interpretation (DOI) and Situation under which the negotiation is taking place.\n\n \nA flaw exists in the way that `isakmpd` handles ISAKMP packets containing a malformed \"Security Association Payload\". Such malformed packets could cause `isakmpd` to read out of bounds and crash. \n \n--- \n \n### Impact\n\nA remote attacker could cause the `isakmpd` service to crash. Subsequent IPsec-enabled communications may be disrupted as a result. \n \n--- \n \n### Solution\n\n**Apply a patch from the vendor** \n \nPatches have been released to address this issue. Please see the Systems Affected section of this document for more details. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nOpenBSD| | -| 20 Aug 2004 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23785945 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * None\n\n### Credit\n\nThis vulnerability was discovered by [Rapid7](<http://www.rapid7.com/>) using their Striker test suite.\n\nThis document was written by Chad R Dougherty based on information published in [Rapid7 Advisory R7-0018](<http://www.rapid7.com/advisories/R7-0018.html>).\n\n### Other Information\n\n * CVE IDs: [CAN-2004-0219](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2004-0219>)\n * Date Public: 19 Mar 2004\n * Date First Published: 27 Aug 2004\n * Date Last Updated: 27 Aug 2004\n * Severity Metric: 1.69\n * Document Revision: 8\n\n", "published": "2004-08-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/785945", "cvelist": ["CVE-2004-0219", "CVE-2004-0219"], "lastseen": "2016-02-03T09:12:07"}], "osvdb": [{"id": "OSVDB:5698", "type": "osvdb", "title": "OpenBSD isakmpd IPSEC SA Payload Handling DoS", "description": "## Vulnerability Description\nOpenBSD contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially-crafted ISAKMP packet containing a malformed IPSEC SA payload, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, OpenBSD has released a patch to address this vulnerability.\n## Short Description\nOpenBSD contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially-crafted ISAKMP packet containing a malformed IPSEC SA payload, and will result in loss of availability for the service.\n## References:\nVendor URL: http://www.openbsd.org/errata.html\nSecurity Tracker: 1009468\n[Secunia Advisory ID:11156](https://secuniaresearch.flexerasoftware.com/advisories/11156/)\n[Related OSVDB ID: 5700](https://vulners.com/osvdb/OSVDB:5700)\n[Related OSVDB ID: 5701](https://vulners.com/osvdb/OSVDB:5701)\n[Related OSVDB ID: 5699](https://vulners.com/osvdb/OSVDB:5699)\n[Related OSVDB ID: 4336](https://vulners.com/osvdb/OSVDB:4336)\nOther Advisory URL: http://packetstormsecurity.nl/0403-advisories/R7-0018.isakmpd.txt\nOther Advisory URL: http://www.rapid7.com/advisories/R7-0018.html\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108008530028019&w=2\nKeyword: rapid7,ipsec,vpn\nISS X-Force ID: 15628\n[CVE-2004-0219](https://vulners.com/cve/CVE-2004-0219)\nBugtraq ID: 10029\n", "published": "2004-03-23T10:17:09", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:5698", "cvelist": ["CVE-2004-0219"], "lastseen": "2017-04-28T13:20:00"}], "freebsd": [{"id": "B7CB488C-8349-11D8-A41F-0020ED76EF5A", "type": "freebsd", "title": "isakmpd payload handling denial-of-service vulnerabilities", "description": "\nNumerous errors in isakmpd's input packet validation lead to\n\t denial-of-service vulnerabilities. From the Rapid7 advisory:\n\nThe ISAKMP packet processing functions in OpenBSD's\n\t isakmpd daemon contain multiple payload handling flaws\n\t that allow a remote attacker to launch a denial of\n\t service attack against the daemon.\nCarefully crafted ISAKMP packets will cause the isakmpd\n\t daemon to attempt out-of-bounds reads, exhaust available\n\t memory, or loop endlessly (consuming 100% of the CPU).\n\n", "published": "2004-03-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/b7cb488c-8349-11d8-a41f-0020ed76ef5a.html", "cvelist": ["CVE-2004-0220", "CVE-2004-0218", "CVE-2004-0221", "CVE-2004-0219", "CVE-2004-0222"], "lastseen": "2016-09-26T17:25:21"}], "nessus": [{"id": "FREEBSD_PKG_B7CB488C834911D8A41F0020ED76EF5A.NASL", "type": "nessus", "title": "FreeBSD : isakmpd payload handling denial-of-service vulnerabilities (b7cb488c-8349-11d8-a41f-0020ed76ef5a)", "description": "Numerous errors in isakmpd's input packet validation lead to denial-of-service vulnerabilities. From the Rapid7 advisory :\n\nThe ISAKMP packet processing functions in OpenBSD's isakmpd daemon contain multiple payload handling flaws that allow a remote attacker to launch a denial of service attack against the daemon.\n\nCarefully crafted ISAKMP packets will cause the isakmpd daemon to attempt out-of-bounds reads, exhaust available memory, or loop endlessly (consuming 100% of the CPU).", "published": "2005-07-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19096", "cvelist": ["CVE-2004-0220", "CVE-2004-0218", "CVE-2004-0221", "CVE-2004-0219", "CVE-2004-0222"], "lastseen": "2017-10-29T13:44:18"}], "openvas": [{"id": "OPENVAS:52399", "type": "openvas", "title": "FreeBSD Ports: isakmpd", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52399", "cvelist": ["CVE-2004-0220", "CVE-2004-0218", "CVE-2004-0221", "CVE-2004-0219", "CVE-2004-0222"], "lastseen": "2017-07-02T21:10:12"}]}}