OpenBSD Information for VU#996177

Multiple memory leak vulnerabilities in isakmpd

Status

Affected

Vendor Statement

Several bugs have been found in the ISAKMP daemon which can lead to memory
leaks and a remote denial of service condition. An attacker can craft
malformed payloads that can cause the isakmpd(8) process to stop
processing requests.

The problem is fixed in -current, 3.4-stable and 3.3-stable.

Patches are available at:

 
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/015_isakmpd2.patch
 
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.3/common/020_isakmpd2.patch

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.