OpenBSD isakmpd Quick Mode Message Hash Payload Validation Failure

2003-11-02T00:00:00
ID OSVDB:7258
Type osvdb
Reporter Thomas Walpuski (thomas@thinknerd.de)
Modified 2003-11-02T00:00:00

Description

Vulnerability Description

OpenBSD isakmpd contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when this Internet Key Exchange (IKE) daemon fails to require a hash payload before accepting a delete message during a Phase 2 exchange, also known as a Quick Mode exchange. This flaw allows the deletion of an arbitrary Internet Security Association and Key Management Protocol Security Association (ISAKMP SA) or IPsec SA, which may lead to a loss of integrity.
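The check whose absence is described above, sketched as an added example; it is not isakmpd's code or the actual fix in message.c. The function name, verdict values and sample bytes are assumptions constructed for illustration, and the input is assumed to be the already decrypted payload chain of a message in which RFC 2409 section 5.7 expects a HASH payload ahead of the delete payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* ISAKMP payload type numbers (RFC 2408, section 3.1). */
enum { PL_NONE = 0, PL_HASH = 8, PL_DELETE = 12 };
enum verdict { MSG_OK = 0, MSG_MALFORMED = -1, MSG_DELETE_WITHOUT_HASH = -2 };

/*
 * Hypothetical helper: walk the payload chain of a decrypted message.
 * first: "next payload" value taken from the ISAKMP header.
 * buf/len: decrypted bytes following the header. Every payload begins with
 * next payload (1) | reserved (1) | payload length (2, network byte order).
 */
enum verdict check_delete_has_hash(uint8_t first, const uint8_t *buf, size_t len)
{
    uint8_t type = first;
    size_t off = 0;
    int index = 0, hash_first = 0, saw_delete = 0;
    while (type != PL_NONE) {
        if (len - off < 4)
            return MSG_MALFORMED;             /* truncated generic header */
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off)
            return MSG_MALFORMED;             /* length leaves the buffer */
        if (type == PL_HASH && index == 0)
            hash_first = 1;                   /* HASH leads the chain */
        if (type == PL_DELETE)
            saw_delete = 1;
        type = buf[off];                      /* next payload field */
        off += plen;
        index++;
    }
    /* Presence and order only: the HASH value must still be verified. */
    return (saw_delete && !hash_first) ? MSG_DELETE_WITHOUT_HASH : MSG_OK;
}

/* Constructed samples: HASH then DELETE, and a DELETE on its own. */
static const uint8_t with_hash[] = { 12,0,0,8, 0xaa,0xbb,0xcc,0xdd,
    0,0,0,16, 0,0,0,1, 3,4,0,1, 0x11,0x22,0x33,0x44 };
static const uint8_t bare_delete[] = { 0,0,0,16, 0,0,0,1, 3,4,0,1,
    0x11,0x22,0x33,0x44 };

int main(void)
{
    printf("%d %d\n",
        check_delete_has_hash(PL_HASH, with_hash, sizeof with_hash),
        check_delete_has_hash(PL_DELETE, bare_delete, sizeof bare_delete));
    return 0;
}
```

A receiver that gets MSG_DELETE_WITHOUT_HASH would drop the message instead of acting on the delete payload.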

Solution Description

Upgrade to version 3.5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: download message.c version 1.62 or higher from the OpenBSD CVS repository and rebuild isakmpd.

References:

Vendor Specific Solution URL: http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/message.c.diff?r1=1.60&r2=1.61&f=h
Vendor Specific Solution URL: http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/message.c.diff?r1=1.61&r2=1.62&f=h
Secunia Advisory ID: 10168
Related OSVDB ID: 2845
Related OSVDB ID: 7259
Related OSVDB ID: 7257
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0007.html
Keyword: RFC 2409 5.7
ISS X-Force ID: 13625
Bugtraq ID: 8964