2806 matches found
CVE-2004-0219
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite...
unauthorized deletion of IPsec (and ISAKMP) SAs in racoon
0 Preface Now that most bugs in isakmpd that allowed for unauthorized SA deletion are "fixed", it's time to release some information on racoon. By the way: About 5 months ago I tried to contact the KAME developers. 1 Description racoon, KAME's IKE daemon, contains some flaws, that allow for...
CVE-2003-1004
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall...
Re: multiple payload handling flaws in isakmpd, again
There is one important thing I forgot to mention. In isakmpd deleting an IPsec SA also means deleting the appropriate IPsec policy in almost any case. Take a look at pf_key_v2_delete_spi in pf_key_v2.c. It calls pf_key_v2_disable_sa, the policy eraser ;-), if the SA was not acquired through the kernel: if...
CVE-2003-1004
Cisco PIX firewall versions 6.2.x through 6.2.3, when configured as a VPN Client, are affected by CVE-2003-1004. A remote attacker can cause a denial of service (dropped IPSec tunnel) by sending an IKE Phase I negotiation request to the firewall’s outside interface. The connected sources consiste...
Cisco PIX multiple bugs
SNMPv3 message causes device to reboot. If device is configured as VPN client and another VPN client connects IPSec tunnel may be broken during IKE phase...
CVE-2003-0242
IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies...
CVE-2003-0258
Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication...
CVE-2003-0242
Mac OS X IPSec before 10.2.6 is affected by a vulnerability in how incoming security policies that match by port are processed. The IPSec implementation may allow traffic that should be blocked by policy, potentially bypassing ACLs and reaching a host that should not be reachable. At a high level...
CVE-2003-0258
CVE-2003-0258 affects Cisco VPN 3000 Series Concentrators and Cisco VPN 3002 Hardware Client (3.5.x–4.0.REL). When IPSec over TCP is enabled for a port on the concentrator, traffic forwarded on that port may be delivered to all hosts on the protected network, not only those using IPsec, enabling ...
CVE-2002-0414
Affected software: KAME-derived IPsec implementations on NetBSD 1.5.2, FreeBSD 4.5, and other OSes. Vulnerability: the implementation does not properly consult the Security Policy Database (SPD), which can allow a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to for...
CVE-2002-0414
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets...
Cisco VPN 3000 Concentrator LAN-to-LAN IPSEC Tunnel Connection Termination DoS (CSCdx54675)
The remote VPN concentrator is subject to a LAN-to-LAN IPSEC tunnel vulnerability which allows remote attackers to cause a denial of service. Existing associations might be removed when a new connection is made and no check is done in order to determine if the connection comes from the proper...
PT-2002-2837 · Microsoft · Windows Xp
Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP (affected versions not specified). Description: The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by flooding UDP port 500, which is used for ISAKMP. Recommendations: At the moment...
[SECURITY] [DSA 201-1] New Free/SWan packages fix denial of service
Debian Security Advisory DSA 201-1 [email protected] http://www.debian.org/security/ Martin Schulze December 2nd, 2002 http://www.debian.org/security/faq ...
DSA-201 freeswan - denial of service
Bulletin has no description...
CVE-2002-0666
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors...