CVE-2004-0392
CVSS 5.0
Published: 2004-06-14 00:00:00
Last revised: 2008-09-10 15:26:11

[Original] racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields.


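[CNNVD] KAME Racoon Remote IKE Message Denial of Service Vulnerability (CNNVD-200406-047)

        racoon is KAME's IKE daemon.
        KAME Racoon mishandles malformed IKE messages; a remote attacker can exploit this vulnerability to carry out a denial-of-service attack against the daemon.
        The IKE protocol has a special reserved "Security Association Next Payload" field and another field marked 'RESERVED' by the working group. When a client uses the 'Aggressive' key exchange method and inserts forged data into these fields (either one alone or both together), the Racoon server immediately enters an infinite loop, drops all existing connections, and consumes a large amount of system resources, resulting in a denial of service.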
        

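- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]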

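- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0392
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0392
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200406-047
(Official data source) CNNVD

- Other Links and Resources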

http://xforce.iss.net/xforce/xfdb/15893
(VENDOR_ADVISORY)  XF  racoon-isakmp-dos(15893)
http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html
(VENDOR_ADVISORY)  CONFIRM  http://www.vuxml.org/freebsd/40fcf20f-8891-11d8-90d1-0020ed76ef5a.html
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.10/SCOSA-2005.10.txt
(UNKNOWN)  SCO  SCOSA-2005.10
http://orange.kame.net/dev/query-pr.cgi?pr=555
(UNKNOWN)  CONFIRM  http://orange.kame.net/dev/query-pr.cgi?pr=555

- Vulnerability Information

KAME Racoon Remote IKE Message Denial of Service Vulnerability
Medium severity  Other
2004-06-14 00:00:00 2005-10-20 00:00:00
Remote
        
        

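- Advisories and Patches

        Vendor patch:
        KAME
        ----
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: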
        
        http://www.kame.net/

- Vulnerability Information

5893
KAME Racoon IKE Header DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability Description

Racoon contains a flaw that may allow a remote denial of service. The issue is triggered when an IKE message is received with a malformed Generic Payload Header containing invalid SANP and "Reserved" fields. The attack causes an infinite loop and drops connections, resulting in loss of availability for the service.

- Timeline

2004-05-06 Unknown
2004-05-06 Unknown

- Solution

Upgrade to version 20040407a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability Information

KAME Racoon Remote IKE Message Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 10296
Yes No
2004-05-06 12:00:00 2009-07-12 04:07:00
Discovery of this issue is credited to John Lampe <jwlampe@nessus.org>.

- Affected Software Versions

SCO Unixware 7.1.4
KAME Racoon 20040405
KAME Racoon 20030711
+ FreeBSD FreeBSD 4.9
KAME Racoon
+ FreeBSD FreeBSD 4.9
+ NetBSD NetBSD 1.6.1
+ NetBSD NetBSD 1.6
KAME Racoon 20040503
KAME Racoon 20040407b

- Unaffected Software Versions

KAME Racoon 20040503
KAME Racoon 20040407b

- Vulnerability Discussion

It has been reported that KAME is affected by a remote denial of service vulnerability when processing malformed IKE messages. This issue is due to a failure of the daemon to properly handle malformed messages.

This issue can be leveraged to cause the affected daemon to enter an infinite loop, effectively denying service to legitimate users.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The KAME project has released updates dealing with this issue.

SCO has released advisory SCOSA-2005.10 to address various issues in Racoon affecting UnixWare 7.1.4. Please see the referenced advisory for more information.


KAME Racoon 20040405

KAME Racoon

KAME Racoon 20030711

SCO Unixware 7.1.4
