racoon remote denial of service vulnerability (IKE Generic Payload Header)
2003-12-03T00:00:00
ID 40FCF20F-8891-11D8-90D1-0020ED76EF5A Type freebsd Reporter FreeBSD Modified 2004-04-14T00:00:00
Description
When racoon receives an IKE message with an incorrectly
constructed Generic Payload Header, it may behave erratically,
going into a tight loop and dropping connections.
{"result": {"cve": [{"id": "CVE-2004-0392", "type": "cve", "title": "CVE-2004-0392", "description": "racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) \"Security Association Next Payload\" and (2) \"RESERVED\" fields.", "published": "2004-06-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0392", "cvelist": ["CVE-2004-0392"], "lastseen": "2017-07-11T11:14:25"}], "osvdb": [{"id": "OSVDB:5893", "type": "osvdb", "title": "KAME Racoon IKE Header DoS", "description": "## Vulnerability Description\nRacoon contains a flaw that may allow a remote denial of service. The issue is triggered when an IKE message is received with a malformed Generic Payload Header containing invalid SANP and \"Reserved\" fields. The attack causes an infinite loop and drops connections, resulting in loss of availability for the service.\n## Solution Description\nUpgrade to version 20040407a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nRacoon contains a flaw that may allow a remote denial of service. The issue is triggered when an IKE message is received with a malformed Generic Payload Header containing invalid SANP and \"Reserved\" fields. The attack causes an infinite loop and drops connections, resulting in loss of availability for the service.\n## References:\n[Secunia Advisory ID:11411](https://secuniaresearch.flexerasoftware.com/advisories/11411/)\n[Secunia Advisory ID:14178](https://secuniaresearch.flexerasoftware.com/advisories/14178/)\nOther Advisory URL: http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html \nOther Advisory URL: http://orange.kame.net/dev/query-pr.cgi?pr=555\nOther Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt\nMail List Post: http://archives.neohapsis.com/archives/secunia/2004-q2/0278.html\nISS X-Force ID: 15893\nGeneric Informational URL: http://www.computerworld.dk/sikkerhed/default.asp?Mode=2&AutoArticleID=18131\n[CVE-2004-0392](https://vulners.com/cve/CVE-2004-0392)\n", "published": "2004-05-06T03:53:17", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:5893", "cvelist": ["CVE-2004-0392"], "lastseen": "2017-04-28T13:20:00"}], "nessus": [{"id": "FREEBSD_PKG_40FCF20F889111D890D10020ED76EF5A.NASL", "type": "nessus", "title": "FreeBSD : racoon remote denial of service vulnerability (IKE Generic Payload Header) (40fcf20f-8891-11d8-90d1-0020ed76ef5a)", "description": "When racoon receives an IKE message with an incorrectly constructed Generic Payload Header, it may behave erratically, going into a tight loop and dropping connections.", "published": "2005-07-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18917", "cvelist": ["CVE-2004-0392"], "lastseen": "2017-10-29T13:43:02"}, {"id": "MACOSX_SECUPD20040503.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2004-05-03)", "description": "The remote host is missing Security Update 2004-05-03.\nThis security update includes updates for AFP Server, CoreFoundation, and IPSec.\n\nIt also includes Security Update 2004-04-05, which includes updates for CUPS, libxml2, Mail, and OpenSSL.\n\nFor Mac OS X 10.2.8, it also includes updates for Apache 1.3, cd9660.util, Classic, CUPS, Directory Services, DiskArbitration, fetchmail, fs_usage, gm4, groff, Mail, OpenSSL, Personal File Sharing, PPP, rsync, Safari, System Configuration, System Initialization, and zlib.\n\nThis update fixes various issues which may allow an attacker to execute arbitrary code on the remote host.", "published": "2004-07-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=12518", "cvelist": ["CVE-2004-0430", "CVE-2004-0392", "CVE-2004-0155", "CVE-2004-0428", "CVE-2004-0113", "CVE-2004-0020", "CVE-2004-0403", "CVE-2004-0174"], "lastseen": "2017-10-29T13:38:56"}], "openvas": [{"id": "OPENVAS:52482", "type": "openvas", "title": "FreeBSD Ports: racoon", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52482", "cvelist": ["CVE-2004-0392"], "lastseen": "2017-07-02T21:10:22"}]}}
